Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Firefox Redirect Problem

adware malware redirect browser

  • This topic is locked This topic is locked

#1
Vinod Antony

Vinod Antony

    Member

  • Member
  • PipPip
  • 31 posts

My firefox opens a new window with some advertisement everytime I click anywhere on the webpage. This doesn't occur for https websites such as facebook or youtube.

 

I checked control panel for any unwanted apps but couldn't find any. My addons and extensions seem fine, nevertheless I have attached a screenshot.

 

Please help Capture.JPG Capture1.JPG Capture3.JPG

 

I have also taken the screenshot of the window that opens up all the time.  I believe its some scam site.


Edited by Vinod Antony, 13 January 2016 - 07:42 AM.

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
Vinod Antony

Vinod Antony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

here are the logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by USER (administrator) on HP (14-01-2016 20:35:09)
Running from C:\Users\USER\Downloads\Programs
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Windows\KMS\KMS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\My WIFI Router\bmser.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(WordWeb Software) F:\WordWeb\wweb32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8458968 2015-03-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-03-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [99064 2015-12-07] (Panda Security, S.L.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-05-03] (Tonec Inc.)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [GarenaPlus] => "F:\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [WordWeb] => F:\WordWeb\wweb32.exe [80000 2015-08-02] (WordWeb Software)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [Google Update] => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-15] (Google Inc.)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\MountPoints2: {20cf7069-67f0-11e5-8252-9457a5ac2e58} - "G:\AutoRun.exe"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\MountPoints2: {20cf70c9-67f0-11e5-8252-9457a5ac2e58} - "G:\AutoRun.exe"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\MountPoints2: {20cf729d-67f0-11e5-8252-9457a5ac2e58} - "H:\AutoRun.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Tcpip\Parameters: [DhcpNameServer] 46.101.178.39 8.8.8.8
Tcpip\..\Interfaces\{AE90576C-1979-43C9-8D26-79196EFB8156}: [DhcpNameServer] 46.101.178.39 8.8.8.8
Tcpip\..\Interfaces\{CD917F21-16FC-4567-8EFF-43E5D9B488A6}: [DhcpNameServer] 172.16.224.2 218.248.233.3

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\3kxbmumj.default
FF NewTab: about:blank
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-10-01] ( Garena)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-921485403-2575864937-4210904776-1001: @tools.google.com/Google Update;version=3 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-921485403-2575864937-4210904776-1001: @tools.google.com/Google Update;version=9 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Extension: IDM CC - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5 [2016-01-14] [not signed]
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Firefox\Extensions: [[email protected]] - F:\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - F:\WordWeb\WCaptureMoz [2015-10-21] [not signed]
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-12-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-09-17] (Intel Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-12-07] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [72952 2015-11-30] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-12-07] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-03-06] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WIFIGXENDHCPSER; C:\Program Files (x86)\My WIFI Router\bmser.exe [1656416 2014-04-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S3 AvgAMPS; "C:\Program Files (x86)\AVG\Av\avgamps.exe" [X]
S2 avgfws; "C:\Program Files (x86)\AVG\Av\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\Av\avgidsagent.exe" [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [314800 2015-08-31] (AVG Technologies CZ, s.r.o.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-12-24] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-12-24] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-23] ()
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-12-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [78584 2015-12-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-12-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-12-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-11-22] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120056 2015-11-29] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-11-22] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-12-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [136952 2015-12-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-11-29] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3568856 2014-09-24] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-03-03] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-04] (Basil Projects)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-06] (Hewlett-Packard Development Company, L.P.)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\USER\AppData\Local\Temp\gkernel.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 20:35 - 2016-01-14 20:35 - 00000000 ____D C:\FRST
2016-01-12 20:25 - 2016-01-12 20:26 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\Users\USER\AppData\Roaming\Panda Security
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-12 20:25 - 2015-05-22 14:15 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-01-12 20:05 - 2016-01-12 20:25 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-10 11:30 - 2016-01-10 11:34 - 00000000 ____D C:\AdwCleaner
2016-01-05 12:38 - 2016-01-05 12:38 - 00000000 ____D C:\Users\USER\Desktop\shone
2016-01-05 12:37 - 2016-01-05 12:43 - 00000000 ____D C:\Users\USER\Desktop\SEMINAR REPORT FORMAT
2016-01-05 12:37 - 2016-01-05 12:37 - 00000000 ____D C:\Users\USER\Desktop\rubil
2016-01-03 11:45 - 2016-01-03 11:45 - 00000000 ____D C:\Users\USER\AppData\Roaming\aipai
2016-01-03 11:44 - 2016-01-03 11:44 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPixel
2016-01-03 11:44 - 2016-01-03 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPixel
2015-12-31 20:55 - 2016-01-07 09:37 - 00000000 ____D C:\Users\USER\Desktop\seminar mine
2015-12-31 20:36 - 2016-01-06 22:18 - 00000000 ____D C:\Users\USER\Desktop\SEMINAR eg
2015-12-27 18:35 - 2015-12-27 18:35 - 00000000 ____D C:\Users\USER\Documents\VideoPad Projects
2015-12-27 18:31 - 2016-01-03 18:31 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-12-27 18:31 - 2015-12-27 18:31 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-12-27 18:31 - 2015-12-27 18:31 - 00000000 ____D C:\Users\USER\AppData\Roaming\NCH Software
2015-12-27 18:31 - 2015-12-27 18:31 - 00000000 ____D C:\ProgramData\NCH Software
2015-12-27 18:31 - 2015-12-27 18:31 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-12-25 22:00 - 2015-12-25 22:00 - 00000795 _____ C:\Users\USER\Desktop\JRT.txt
2015-12-23 23:32 - 2016-01-08 08:48 - 00000000 ____D C:\Users\USER\Desktop\New folder
2015-12-23 22:50 - 2015-12-23 22:50 - 00000000 _____ C:\autoexec.bat
2015-12-23 22:37 - 2015-12-23 22:37 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-22 22:33 - 2015-12-22 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-12-21 18:48 - 2015-12-23 18:46 - 00000000 ____D C:\Users\USER\AppData\Roaming\BitTorrent
2015-12-20 00:52 - 2015-12-20 00:52 - 00000000 ____D C:\Program Files (x86)\Garena Total
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\zwjvhcytwbc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\xibfo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\uivgphjr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\tzhdw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\togl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\tnlcyha
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zzmbkjttcv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zyowns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zyadeizbstq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zxykwvw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zxntsmpkns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zxlhpcxet
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zvybg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zvxxfsps
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zvxuplfqaiv.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zufsomdnqb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zprns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zph
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\znubd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zmulmsalvp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zmpm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zlvlgaoro.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zkvadtmlfi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zkgl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zhbezzk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zgtn.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zgdzvuq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zfxbo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zerryde
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zdo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zbu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zayfbnltwb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yzvlitevcp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yztg.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ywjmsytb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ywcotf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yueiza
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yrvdebxgrzt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yruogei.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yqwnxmuqkr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yqjwaqwjrgn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ypwgam
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ypn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ypb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ynbpico.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yjbyky
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yifbtom
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yhvfljhx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yft.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yfguqg.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yfddtyco.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yeubbz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yeqc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ybnso
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ybcwdcj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yajdu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yacxpunyz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xxfxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xwolbkcl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xwfjdkdtixu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xuyoohmb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xsdi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xrjnqaxgslz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xrjmwls.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xratz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xogeiasqdx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xnrwoffi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xnaaiqyn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xlaoaq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xkiazoygsu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xivldzk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xitroqxj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhxj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhliavnncf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhjvdk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhi.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhepiahgu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xfor.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xei.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xdu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xdnu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xbwudob.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xbeumyws.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xabxrnwognq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wztapis.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wvpmojcpagc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wvmaql.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wuienx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wtkvqxla.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wriuwbh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wrfmrz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wqnbogohpa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wpushbesv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wpa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wooq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wnzrlwgymia
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wnwpuad
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wnwis
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmsxmgb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmcwjfwebcg.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmcbsqz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmaeoulj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wltgfaapaxg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wlagsxpfnjc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wkaig
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wjjkwjxof.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wjd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wio
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\winwis
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wgjy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wgfzxqxc.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wgekhz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wchut
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wbyqcoru
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vylysjgigsp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vydky
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vxamvnvecd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vwx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vwvpxtf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vuzy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vutlo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vtccpjjxhbl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vrt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vrb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vqzkhuu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vpymgh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vlzenqzgwi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vlv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vltbvctcek
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vlhw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vky.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vhuya
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vhgdwwy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vgkauki
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vexcv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vekhfmquvd.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vedcfvtun
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vcwbqe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uykjvcews
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uvhkeoo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uuknvmo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\usbsjhq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\urupvqobgah
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\urfoeuqrrvx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\upwhfcfpq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\upqsk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\umckcky
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\umblkiu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ukqsipcp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujurc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujupkolaxz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujmb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujemlvpjgb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uilhoi.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uhgxcxne.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ugh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\udixx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ubomomrwsdk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uaqqwmjt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\txkpazbbtc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tvumtdvg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tviuuwtwvs
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tubh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tttpgilubhz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\trpcwzo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\trjhziwhqax
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tqkrkktdw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tplabizkfi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tparier
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tmksiwyo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tmiduq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tmhmpisgrjb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tjerrruiu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tixbprzs.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tgysztaa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tgp.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\teatwcjgoq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tcu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\szanch.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sxngztzr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\swucw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\swrosmstc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\swmx.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\svh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\surl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\strlohjio
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sthnpbr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\srt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\srceeuuzog
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sqrvkkbktxz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sntlrnm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\slvwlpnaqo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\slfzi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\skjqlknoa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\skcx.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sjzadmi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sjfso
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sghtkpu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sfxzlgg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sfsz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sbm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sao
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rzyxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rzuc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rybqxma
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rxlxmq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rwwmb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rwumiig
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rvitifkhda.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ruwy.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rumiqlhw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rtssxvscl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rtsquze.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rrbddpfknf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rquw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rpz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rnixg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rnaxcorvnpm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rmkgnn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rlxrf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rkdkyehqiv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rjzxhrd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rilkwzwyil.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\riffaw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rifbww.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rhw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rhrrf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rfmfahwb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rfbddh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rex.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rckntimj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rbw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rbou.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rbc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qzegqoobxiy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qxbus.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qwdspx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qvt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\quqsl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qttwzyei.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qswzofzltsi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qsopsnklrnj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qrpcq.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qqqt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qqqewpfdl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qqmnchoguw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qpghwlpi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qogqdj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qnretzig.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qncintxhpbv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qmlr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qldlx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qjhrojfdm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qhyfrlwcpck
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qheefqe.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qebywplco
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qcyfwezkrw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qcw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbvhrrhf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbqeurlah
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbdvroefxtf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qayekwvmsh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pwlwjlqf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pwalonerzam
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pwa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pvsbacopgo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\puxozpwjj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ptuhkoey
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ptfcgaof.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ptcwmepfq.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\psxulyb.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\psuezqksw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pqognjycvt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pqjjgvrcrr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ppmurgqnqi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pplmagu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pjtdqi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pjjipw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\phcioojd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pgsh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pgmxllhrgl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pffkxpns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pepxq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pefaimbebk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pedcjlq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pdqrcouep
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pctk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pcpmvigyknw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pcnbisr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pclkwlz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pbzcnzjjax
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pathdekgnl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oylo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oybbndhpat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oxxpcqneqfk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oxsta
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ousspnt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ourtunrnnc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\otvbczqzr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\otorwgb.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\otngpkqlgc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oqljnan
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oqipw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\opnaypiuh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\opn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oofzxmm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oofsbkfk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oocihv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ooaomuyhvz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\onuhfaqdr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\omgkwcqmzh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olwz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olvkvxg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olhitsu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olhdsirhbjm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olcfhmx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\okbzdweogsf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ojlw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oicryjbsxhd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ohfmfxmgnvd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ogn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ogknbwh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\odpeuveeirg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\odklrkid
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\odieozehykz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ocduhsoaeky.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\obfbsckxiuv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nysjggwyrz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nybrohbe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nvolurg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nvdkhnrqwn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ntpp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nreadmitf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nqxtrw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\npx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\npuailglpt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\noyqt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nnzey
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nlzvfpgxhuw.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\netcd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ndpxrjvfik.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\narceunvfsr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mzquaye
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mxdvmytw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mwzhlh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mwuwz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mvxgdkyrjxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mvhxlyyr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mvfhxic
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\msbwl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mrprxeehpe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mpvauzxwdz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mpuqpwyjjoe.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mpr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mlfml.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mkyszmt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\minowwpnhw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mimsxzkfsba
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mhymnl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mhefcltipun.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mftkul
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mfpfkyzrxe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mflohpswrxl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mcrrrdylbyb.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mbufohzbd.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mbpbf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mbcuyqp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\maynwlp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lzjqvgauzfs
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lxjydaq.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lwohwwxa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lwcnbd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lvzw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lvjfqnrfy.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ltm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ltcbbxm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lrwldsbcq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lrotxpqhol
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lqya.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lqpksm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lptdlhqltgj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lnuzijew
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lnm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lmti
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lmkwvtfa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lljl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lklnirnii
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\litvwn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\liif.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lhlcj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lffhqjpt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lfdwrke
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lex.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lervczxc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lepkgvz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ldypa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ldna.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lbial
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kza
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kykkyyjuomq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kxfziwiehxe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ktkvvqws.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kppamcnflm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kokjkgnayl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\knkpjcuzkb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\knk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kmgbr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kkxlvn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kkrk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kjvzwobzke.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kjvgkvsar
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kjj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\khzpcmbe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kgqeevfnt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kfzlj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kfkegdfzsmf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kffzqte
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kdi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kcd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kblu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kagoeryt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kaddzumq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jxvemnjznu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jxqxva.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jvpytddxshm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jvanbm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\junn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jtdznq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jsslx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jsgzsb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jscxtijpp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jresfclof
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jmpx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jkne
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jhvyfmljeob
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jfuwpyqkkiu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jfilvhux
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jes
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jeoc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jecbuzopv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jdlshte
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jclas
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jazdltqdat.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iyao
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ixrmyzmuf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ivz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iuzsgndntd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\itshnv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ithugwck.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\isnvgwxvzx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ipldozicq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ipdnxhip
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iooy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iobspad
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\imisiwl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ilppyukvb.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ikvd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ikugogpknz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ikitzfwrlzd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ihxkhtew
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\igy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\igwyc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifwyys
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifvbafbi.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifhfyantlzc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iecx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\idzfxu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iduxw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ict.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ibqvywo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iarssnndg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hzooveshuhi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hznd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hxpuo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hxokmtz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hwsfdvw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hvbzrysf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hulemjbpzih.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\huiqk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\htzs.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\htubwk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\htmhmor
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hsxps
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hrqwp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hrfumedgw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hqwxnfwmq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hqofa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hoboh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hmzimwaq.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hiushfclfla.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\higwf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hhxjfatux.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hgu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hgdxppghmnp.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hfbtzuzg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hfaptb.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hbqnkzjqm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hbduxvmv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gzswrdxw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gxveh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gxiglgpq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gwyphivwam
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gwegf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gwcogj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gvsgjc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gtkrjpla
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gsztiwpu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gswxesatox.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gswssvrjl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gqr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gksspjwk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gjrxn.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gityrsbrb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\giemuzl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ghgeryzg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ghdvcccqxcv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ggjxmqh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gfgr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gecrm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gdsbvd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gck
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gcgii.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gbx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gazeenlg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ganwg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fzzu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fyvyvw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fxwpiwys
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fxhn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fsopbrrnag
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fsjfcnvfjr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\frznpwqgbxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fqat.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fonbotjzdzr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fnyj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fnxe.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fnwncbqssp.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fmlgoxxnn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fkuuzbgv.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fjpkjgod
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fhsongrcc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fhg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fhagevihj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fcibhhrxsu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ezafudvoiyt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\evpk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eswjlbv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\erauoi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eqartqwjeg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\epvvbcvej
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\epuzw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eng
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eiwxqfsa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ehe.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\egskehx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\egeegu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\efwxeovrva
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eesejbzog.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eebifxejokv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\edsljcdivuy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\edovnmlhmu.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ecqooiby
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ebwmf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ebeblkboibi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eafryqglx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dzna
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dxrnzku.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dtxfol
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dqeavzgp.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dqajfj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dpfrqyaznoo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dows
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dogequdlcho
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dmuuqmc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dmtlsnues.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dkfd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\djzobvavx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dizbniz.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dgppwo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dgckkqqq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dfswulgomz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dfol.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dfdenbmhi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\detwvkklv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\defhdp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dbsbm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\daltzc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\daflhn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cxoab
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cwr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ctxnogspj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ctsn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cqbt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cprceg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cntaml.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cjsvjsn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cixpn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\civwzqm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cheng.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cguaohd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cfclssx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cdntf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cbqynozbpo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cbgvboorrjj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cakqt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bzyz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bzkhikmncyf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\byoqvakieh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bycuny
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bxqecmpfn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bulcyfilrrd.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bsxkwl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bsmobir.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bpajjydv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bmpedqmgmxo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\blxcchdo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bloulzqvnrd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bfsdlrscmiv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\betjex.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bacdzugy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\azuxhafgo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\azepwokxctz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ayyyufnvi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\axxvniyw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\auqopa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\auemdu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aso.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\arsimaqa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\arembuqqlhl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aqluxxpvzxz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\apluecjxljh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aotnjwxb.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\alswcpnkwg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\alpzadzk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\akophcvl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\akjgqsepny.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ajnzyssdz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ajfm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aihwg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ahlkupje
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\agd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\afocvlmwd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aesvs.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\adpgegoatcl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aclcvmx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\abqj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aaydghedumh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\rnni.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\refyhravcw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\qgqkumwr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\pxluctu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\pnaphwmzlgp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\oaap
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\nhs
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\lzuovdq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\lyi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\lqrbl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\kragnbr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\jnpltjziixr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\iurduaasebj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\hihw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\grgqrvb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\fas.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\err.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\ejxebk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\eewo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\ecisfvuhpa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\dwbwxg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\dehidfjtpt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\cpznhdhikek
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\baxqskha.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 20:35 - 2013-08-22 19:06 - 00000000 ____D C:\Windows
2016-01-14 20:26 - 2015-09-22 10:02 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{13577F26-D72F-4587-B470-A1DBBBD660BB}
2016-01-14 20:26 - 2015-09-19 19:43 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-921485403-2575864937-4210904776-1001
2016-01-14 20:21 - 2015-11-25 23:25 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-01-14 20:21 - 2015-10-21 12:00 - 00001110 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-01-14 20:21 - 2015-09-19 23:12 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-14 20:21 - 2015-09-19 20:15 - 00000000 __SHD C:\Users\USER\IntelGraphicsProfiles
2016-01-14 20:21 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-14 01:26 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\AppData\Roaming\DMCache
2016-01-14 01:08 - 2015-11-15 13:27 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA.job
2016-01-13 20:13 - 2013-08-22 21:06 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-13 17:29 - 2013-08-22 20:14 - 00527496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-12 20:26 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2016-01-12 02:59 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-01-09 09:07 - 2015-11-15 13:27 - 00000858 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core.job
2016-01-07 16:06 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\Downloads\Video
2016-01-05 22:06 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
2016-01-05 19:28 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\rescache
2016-01-03 11:42 - 2015-09-19 20:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-03 11:42 - 2013-08-22 20:50 - 00000000 ____D C:\Windows\CbsTemp
2015-12-30 18:40 - 2015-10-04 11:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-27 10:13 - 2015-11-25 19:23 - 00007600 _____ C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-12-22 22:33 - 2015-09-24 09:02 - 00000000 ____D C:\Users\USER\AppData\Local\Google
2015-12-22 22:27 - 2014-01-15 18:27 - 00000000 ____D C:\Windows\KMS
2015-12-20 11:06 - 2015-10-21 13:06 - 00000000 ____D C:\Users\USER\Downloads\wallpaper
2015-12-20 00:49 - 2015-10-11 00:33 - 00000000 ____D C:\Users\USER\AppData\Roaming\GarenaPlus
2015-12-20 00:49 - 2015-10-11 00:32 - 00000000 ____D C:\ProgramData\GarenaMessenger

==================== Files in the root of some directories =======

2015-11-19 08:50 - 2015-11-19 09:06 - 0000115 _____ () C:\Users\USER\AppData\Roaming\LogFile.txt
2015-10-11 01:38 - 2015-11-20 18:35 - 0045270 _____ () C:\Users\USER\AppData\Roaming\room_v3.dat
2015-09-30 12:33 - 2015-09-30 12:33 - 0003584 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-25 19:23 - 2015-12-27 10:13 - 0007600 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-09-24 09:07 - 2015-09-24 09:07 - 0000000 _____ () C:\Users\USER\AppData\Local\{B607AE99-9100-406D-A74F-02025B4F0770}

Some files in TEMP:
====================
C:\Users\USER\AppData\Local\Temp\GURB97C.exe
C:\Users\USER\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll
C:\Users\USER\AppData\Local\Temp\{B4187E8C-C594-4F26-805E-A4AE556DD017}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-12 21:57

==================== End of FRST.txt ============================

 

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by USER (2016-01-14 20:36:12)
Running from C:\Users\USER\Downloads\Programs
Windows 8.1 Pro (X64) (2015-09-19 14:06:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-921485403-2575864937-4210904776-500 - Administrator - Disabled)
Guest (S-1-5-21-921485403-2575864937-4210904776-501 - Limited - Disabled)
USER (S-1-5-21-921485403-2575864937-4210904776-1001 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Out of date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Out of date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall (Enabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AVG (Version: 16.4.7163 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4457 - AVG Technologies) Hidden
AVG Zen (Version: 1.21.6 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.170 - Broadcom Corporation)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Google Chrome (HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Google Chrome) (Version: 18.0.1025.168 - Google Inc.)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4281 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
Panda Devices Agent (x32 Version: 1.03.06 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 8.20.00.0000 - Panda Security) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Proxifier version 3.28 (HKLM-x32\...\Proxifier_is1) (Version: 3.28 - Initex)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30182 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.39.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7455 - Realtek Semiconductor Corp.)
SmartPixel (HKLM-x32\...\SmartPixel) (Version: 3.2.0.0 - Beyond Magic Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.55 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.22 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Device Recovery Tool 3.1.4 (HKLM-x32\...\{d4849306-53e9-465f-8a2d-a68c8fcfe4dd}) (Version: 3.1.4 - Microsoft)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.9.511 - Initex & AAA Internet Publishing)
Your Freedom 20151111-01 (HKLM-x32\...\Your_Deploy_0) (Version:  - resolution GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {413222F5-C560-4FAE-9647-E53A6CB196CB} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-11-11] ()
Task: {72B0950E-A263-41AB-A4EB-53748857F4F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {7E491859-3AE3-46DE-88BF-6A591916427A} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-24] (Adobe Systems Incorporated)
Task: {B472D1A9-EEBD-40E1-9AD2-E055C00DE325} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B71AD709-6B25-4A26-B6C7-77993931F1B5} - System32\Tasks\{FAD0EC96-51A4-4001-81B1-951269B934AF} => pcalua.exe -a C:\Users\USER\Downloads\Programs\win64_154012.exe -d C:\Users\USER\AppData\Roaming\IDM
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C887F459-C2C4-4710-93CB-FFA3D2F0CF21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {CFB55E4D-B926-4456-BB57-7E4AFF6FC476} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F679A661-D75B-4DCF-9B41-FB97D7FD900E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-02 09:32 - 2015-03-28 15:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
2015-09-19 19:36 - 2014-01-04 17:22 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2015-09-19 19:36 - 2013-12-04 01:31 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2015-10-09 18:52 - 2015-11-11 13:29 - 00168384 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-04-23 08:28 - 2014-04-23 08:28 - 01656416 _____ () C:\Program Files (x86)\My WIFI Router\bmser.exe
2015-12-15 22:47 - 2015-12-15 22:47 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-12-02 08:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-02 08:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-02 08:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-02 08:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-02 08:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-09 18:53 - 2015-11-11 13:29 - 02519488 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-04-23 08:28 - 2014-04-23 08:28 - 00193392 _____ () C:\Program Files (x86)\My WIFI Router\bmupdex.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2013-08-22 18:55 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-921485403-2575864937-4210904776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\Downloads\wallpaper\space_pilot-1366x768.jpg
DNS Servers: 46.101.178.39 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\StartupApproved\StartupFolder: => "r.lnk"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\StartupApproved\Run: => "GarenaPlus"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F4B3501D-6EFA-452B-B6A5-3961975DA0A6}] => (Allow) C:\Windows\KMS\KMS.exe
FirewallRules: [{E4B7321F-F3D6-4B57-A493-69CDAE030B71}] => (Allow) C:\Windows\KMS\KMS.exe
FirewallRules: [{1F6A0F79-C60B-42D6-A098-7E5D223990D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF600147-70E8-4B9E-A63D-549DD5747FB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{47AD4CD6-D02F-4379-85EC-F8562FF42ED1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{384C9F71-D3C9-4582-AC09-8AD9F3E49E59}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{73E80287-B682-4B54-BB5D-4726CF5C6A1D}] => (Allow) F:\Garena Plus\ggdllhost.exe
FirewallRules: [{4BB5B31E-C267-4BAA-B95C-6A06E0F7B485}] => (Allow) F:\Garena Plus\Room\garena_room.exe
FirewallRules: [{58EBDC79-F3A9-47DA-B122-C661E93CE1A2}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{0E89BE7C-349B-4824-AA19-B1EED3C552BA}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{4BA84F61-712F-42C4-AC49-A560238A71B8}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{35AFB527-11D4-4173-B6B7-EAC8E9586D82}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{1DD8A6D1-10B4-468E-A730-A54E0A9DB45F}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{62EAF6AC-0AE1-4D06-B0EA-989B6E141BD2}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{65B02B9A-D9BD-4D2B-ADD6-3A2D4C431ED9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{7573F698-6F47-409F-A247-BD2BC18B7A2E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{725D5986-EDC1-4A9A-88E1-C4D778D88E89}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C0DD2FEC-025D-42C8-8DD3-580FEBC94806}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5FDE70D1-E351-49FD-A00C-53EE9D783972}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F8808E18-5AA4-4CDB-8595-89D8C766275E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{5ADEE819-265A-4480-8ED8-1F9CE99019DF}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{6D10EF45-6934-4606-AB61-BDF70A59AFAE}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{C38DA49F-658E-438C-A98A-C57D738A2A8C}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D04BBC07-371D-4A6B-A2DB-A3FBC167E938}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{2B9B307F-F016-4624-B2C1-8B23DEDD8389}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{C9B7C9B9-7347-4D8E-8FAB-55EDA911547F}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{CCF9E7B7-9A49-4B8F-A64D-FFE68D451D1B}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{515A7A20-4634-4696-A309-F9697169A1F9}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{7B7DB94E-0C80-402A-985B-79DCD9A57138}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{DDA76CC5-81E0-42A7-9538-0A7BD58EEE13}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [TCP Query User{1535DD3E-198F-4C10-8088-1F3D03C9B6B6}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{005B92E1-C367-4731-992C-3117488257D9}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{68C18CC4-E3A7-4ED9-B8FF-B4DBF5FAF0C9}] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{9F80C398-DBEF-4DE3-B07F-C7BC1451E58C}] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{6E518937-B5BB-4DE4-861D-536F8B81A635}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F62FFD9D-8AB3-4408-9A40-5B5BA0457CCC}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B0D30BD-3989-4A65-8794-C373CB9CD2C2}] => (Allow) F:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{2AF723CB-6B80-457B-9071-B828EB66AC5E}] => (Allow) F:\FormatFactory\FormatFactory.exe
FirewallRules: [{BDDA8327-CB5E-4B21-BCD4-7D639DA8D99A}] => (Allow) F:\FormatFactory\FormatFactory.exe
FirewallRules: [{8D584E34-169D-475E-8945-27CCF24D6722}] => (Allow) F:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{FCAD242B-14B1-4500-B14A-87452F91FBC2}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{0A6836F2-29D4-4D5C-BB03-1FA2D7A4D0E5}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [TCP Query User{22E78331-A400-4510-8041-FCF8D53A7762}F:\warcraft iii frozen throne esk\war3.exe] => (Allow) F:\warcraft iii frozen throne esk\war3.exe
FirewallRules: [UDP Query User{577F7BE6-3F42-4CE5-A525-4DB8FAF56E47}F:\warcraft iii frozen throne esk\war3.exe] => (Allow) F:\warcraft iii frozen throne esk\war3.exe
FirewallRules: [{ADDF4EE8-E983-47BF-88AF-79BDF376BAAE}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{7B5E3993-FDF0-4683-AF8B-817F9DCD6C4B}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [TCP Query User{0B05774B-D732-4D98-A2D3-D04D0E195F58}F:\yf\freedom.exe] => (Block) F:\yf\freedom.exe
FirewallRules: [UDP Query User{B260784D-F4C3-4EE0-A687-76BAF63FCC4B}F:\yf\freedom.exe] => (Block) F:\yf\freedom.exe
FirewallRules: [{6FBF3A8F-F5EE-4707-A186-55CF80C241E7}] => (Allow) C:\Users\USER\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{10E44CA7-8E84-497C-BD30-E93A40B2778D}] => (Allow) C:\Users\USER\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{82562156-6C57-4E24-98B9-8D6B604F49CC}F:\smartpixel\bin\smartpixel.exe] => (Allow) F:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{49ED8963-A542-44A4-9E6E-D0BEF0FC7AB2}F:\smartpixel\bin\smartpixel.exe] => (Allow) F:\smartpixel\bin\smartpixel.exe
FirewallRules: [{D66A53E2-78FC-47AE-802E-853DDB1C0528}] => (Allow) %systemroot%\system32\alg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

25-12-2015 21:58:03 JRT Pre-Junkware Removal
03-01-2016 05:31:28 Scheduled Checkpoint
10-01-2016 19:51:07 Scheduled Checkpoint
13-01-2016 20:12:33 Removed BlueStacks App Player

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2016 08:34:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (01/14/2016 08:26:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is 䑉䑐呁䱇㾾䪋鍵▽✤맍篇. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/14/2016 08:26:23 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/14/2016 08:26:23 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/14/2016 08:26:17 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/14/2016 08:26:17 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/14/2016 08:22:22 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/14/2016 08:22:22 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/14/2016 08:22:22 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/14/2016 08:22:22 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (5296) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.


System errors:
=============
Error: (01/14/2016 08:21:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%2

Error: (01/14/2016 08:21:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
%%2

Error: (01/14/2016 08:21:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%2

Error: (01/14/2016 08:21:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Firewall service failed to start due to the following error:
%%2

Error: (01/14/2016 08:21:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/13/2016 08:13:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/13/2016 07:18:56 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/13/2016 07:18:26 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/13/2016 05:29:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%2

Error: (01/13/2016 05:29:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
%%2


==================== Memory info ===========================

Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 4016.67 MB
Available physical RAM: 2445.16 MB
Total Virtual: 4720.67 MB
Available Virtual: 2941.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.31 GB) (Free:67.89 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:416.93 GB) (Free:392.25 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:416.93 GB) (Free:410.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0458014D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=416.9 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Hello,
I have also noticed in your log file you are using BitTorrent P2P program. We at Geeks to go ! Recommend removing these type of programs, they are a known cause of Malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.

Next
You have Two Anti Virus programs running
  • AVG
  • Panda Security

    The real-time protection of two antivirus programs may conflict with each other and cause the following:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.[* ]Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

    I suggest you uninstall AVG, It's got a few problems in the error part of the log. Please visit the website=> Here and click this one=> Second one down=> AVG Remover (64bit) download and run it to remove AVG.

    Next

    Download the enclosed file.=>Attached File  FIXLIST.txt   58.98KB   105 downloads Save it in the location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished.
    The tool will make a log in the location FRST64 is, (Fixlog.txt). Please post it to your reply.

    Next
    I see that you already have run these adware scanners. Please run them again for me.

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#5
Vinod Antony

Vinod Antony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

I never knew I  still had AVG in the system. I removed it. Though I have bit torrent, I've never used it till now. I removed it too. Here are the logs.

 

fix log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by USER (2016-01-16 10:27:32) Run:1
Running from C:\Users\USER\Downloads\Programs
Loaded Profiles: USER (Available Profiles: USER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\MountPoints2: {20cf7069-67f0-11e5-8252-9457a5ac2e58} - "G:\AutoRun.exe"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\MountPoints2: {20cf70c9-67f0-11e5-8252-9457a5ac2e58} - "G:\AutoRun.exe"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\MountPoints2: {20cf729d-67f0-11e5-8252-9457a5ac2e58} - "H:\AutoRun.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
S3 AvgAMPS; "C:\Program Files (x86)\AVG\Av\avgamps.exe" [X]
S2 avgfws; "C:\Program Files (x86)\AVG\Av\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\Av\avgidsagent.exe" [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe" [X]
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [314800 2015-08-31] (AVG Technologies CZ, s.r.o.)
2015-12-27 18:31 - 2016-01-03 18:31 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-12-27 18:31 - 2015-12-27 18:31 - 00000000 ____D C:\Users\USER\AppData\Roaming\NCH Software
2015-12-27 18:31 - 2015-12-27 18:31 - 00000000 ____D C:\ProgramData\NCH Software
2015-12-27 18:31 - 2015-12-27 18:31 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-12-21 18:48 - 2015-12-23 18:46 - 00000000 ____D C:\Users\USER\AppData\Roaming\BitTorrent
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
FirewallRules: [{65B02B9A-D9BD-4D2B-ADD6-3A2D4C431ED9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{7573F698-6F47-409F-A247-BD2BC18B7A2E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{725D5986-EDC1-4A9A-88E1-C4D778D88E89}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C0DD2FEC-025D-42C8-8DD3-580FEBC94806}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5FDE70D1-E351-49FD-A00C-53EE9D783972}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F8808E18-5AA4-4CDB-8595-89D8C766275E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6FBF3A8F-F5EE-4707-A186-55CF80C241E7}] => (Allow) C:\Users\USER\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{10E44CA7-8E84-497C-BD30-E93A40B2778D}] => (Allow) C:\Users\USER\AppData\Roaming\BitTorrent\BitTorrent.exe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\zwjvhcytwbc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\xibfo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\uivgphjr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\tzhdw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\togl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\tnlcyha
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zzmbkjttcv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zyowns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zyadeizbstq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zxykwvw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zxntsmpkns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zxlhpcxet
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zvybg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zvxxfsps
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zvxuplfqaiv.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zufsomdnqb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zprns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zph
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\znubd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zmulmsalvp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zmpm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zlvlgaoro.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zkvadtmlfi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zkgl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zhbezzk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zgtn.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zgdzvuq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zfxbo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zerryde
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zdo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zbu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\zayfbnltwb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yzvlitevcp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yztg.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ywjmsytb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ywcotf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yueiza
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yrvdebxgrzt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yruogei.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yqwnxmuqkr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yqjwaqwjrgn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ypwgam
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ypn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ypb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ynbpico.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yjbyky
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yifbtom
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yhvfljhx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yft.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yfguqg.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yfddtyco.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yeubbz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yeqc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ybnso
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ybcwdcj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yajdu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\yacxpunyz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xxfxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xwolbkcl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xwfjdkdtixu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xuyoohmb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xsdi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xrjnqaxgslz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xrjmwls.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xratz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xogeiasqdx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xnrwoffi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xnaaiqyn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xlaoaq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xkiazoygsu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xivldzk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xitroqxj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhxj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhliavnncf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhjvdk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhi.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xhepiahgu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xfor.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xei.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xdu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xdnu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xbwudob.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xbeumyws.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\xabxrnwognq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wztapis.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wvpmojcpagc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wvmaql.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wuienx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wtkvqxla.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wriuwbh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wrfmrz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wqnbogohpa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wpushbesv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wpa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wooq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wnzrlwgymia
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wnwpuad
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wnwis
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmsxmgb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmcwjfwebcg.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmcbsqz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wmaeoulj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wltgfaapaxg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wlagsxpfnjc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wkaig
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wjjkwjxof.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wjd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wio
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\winwis
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wgjy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wgfzxqxc.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wgekhz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wchut
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\wbyqcoru
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vylysjgigsp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vydky
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vxamvnvecd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vwx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vwvpxtf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vuzy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vutlo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vtccpjjxhbl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vrt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vrb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vqzkhuu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vpymgh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vlzenqzgwi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vlv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vltbvctcek
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vlhw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vky.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vhuya
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vhgdwwy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vgkauki
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vexcv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vekhfmquvd.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vedcfvtun
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\vcwbqe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uykjvcews
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uvhkeoo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uuknvmo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\usbsjhq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\urupvqobgah
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\urfoeuqrrvx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\upwhfcfpq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\upqsk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\umckcky
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\umblkiu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ukqsipcp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujurc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujupkolaxz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujmb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ujemlvpjgb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uilhoi.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uhgxcxne.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ugh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\udixx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ubomomrwsdk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\uaqqwmjt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\txkpazbbtc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tvumtdvg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tviuuwtwvs
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tubh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tttpgilubhz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\trpcwzo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\trjhziwhqax
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tqkrkktdw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tplabizkfi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tparier
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tmksiwyo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tmiduq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tmhmpisgrjb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tjerrruiu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tixbprzs.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tgysztaa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tgp.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\teatwcjgoq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\tcu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\szanch.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sxngztzr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\swucw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\swrosmstc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\swmx.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\svh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\surl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\strlohjio
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sthnpbr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\srt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\srceeuuzog
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sqrvkkbktxz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sntlrnm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\slvwlpnaqo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\slfzi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\skjqlknoa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\skcx.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sjzadmi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sjfso
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sghtkpu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sfxzlgg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sfsz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sbm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\sao
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rzyxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rzuc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rybqxma
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rxlxmq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rwwmb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rwumiig
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rvitifkhda.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ruwy.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rumiqlhw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rtssxvscl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rtsquze.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rrbddpfknf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rquw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rpz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rnixg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rnaxcorvnpm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rmkgnn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rlxrf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rkdkyehqiv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rjzxhrd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rilkwzwyil.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\riffaw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rifbww.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rhw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rhrrf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rfmfahwb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rfbddh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rex.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rckntimj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rbw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rbou.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\rbc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qzegqoobxiy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qxbus.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qwdspx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qvt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\quqsl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qttwzyei.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qswzofzltsi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qsopsnklrnj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qrpcq.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qqqt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qqqewpfdl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qqmnchoguw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qpghwlpi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qogqdj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qnretzig.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qncintxhpbv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qmlr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qldlx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qjhrojfdm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qhyfrlwcpck
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qheefqe.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qebywplco
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qcyfwezkrw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qcw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbvhrrhf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbqeurlah
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qbdvroefxtf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\qayekwvmsh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pwlwjlqf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pwalonerzam
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pwa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pvsbacopgo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\puxozpwjj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ptuhkoey
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ptfcgaof.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ptcwmepfq.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\psxulyb.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\psuezqksw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pqognjycvt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pqjjgvrcrr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ppmurgqnqi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pplmagu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pjtdqi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pjjipw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\phcioojd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pgsh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pgmxllhrgl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pffkxpns
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pepxq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pefaimbebk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pedcjlq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pdqrcouep
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pctk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pcpmvigyknw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pcnbisr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pclkwlz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pbzcnzjjax
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\pathdekgnl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oylo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oybbndhpat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oxxpcqneqfk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oxsta
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ousspnt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ourtunrnnc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\otvbczqzr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\otorwgb.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\otngpkqlgc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oqljnan
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oqipw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\opnaypiuh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\opn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oofzxmm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oofsbkfk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oocihv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ooaomuyhvz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\onuhfaqdr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\omgkwcqmzh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olwz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olvkvxg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olhitsu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olhdsirhbjm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\olcfhmx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\okbzdweogsf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ojlw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\oicryjbsxhd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ohfmfxmgnvd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ogn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ogknbwh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\odpeuveeirg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\odklrkid
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\odieozehykz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ocduhsoaeky.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\obfbsckxiuv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nysjggwyrz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nybrohbe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nvolurg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nvdkhnrqwn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ntpp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nreadmitf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nqxtrw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\npx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\npuailglpt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\noyqt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nnzey
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\nlzvfpgxhuw.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\netcd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ndpxrjvfik.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\narceunvfsr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mzquaye
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mxdvmytw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mwzhlh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mwuwz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mvxgdkyrjxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mvhxlyyr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mvfhxic
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\msbwl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mrprxeehpe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mpvauzxwdz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mpuqpwyjjoe.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mpr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mlfml.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mkyszmt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\minowwpnhw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mimsxzkfsba
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mhymnl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mhefcltipun.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mftkul
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mfpfkyzrxe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mflohpswrxl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mcrrrdylbyb.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mbufohzbd.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mbpbf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\mbcuyqp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\maynwlp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lzjqvgauzfs
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lxjydaq.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lwohwwxa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lwcnbd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lvzw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lvjfqnrfy.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ltm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ltcbbxm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lrwldsbcq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lrotxpqhol
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lqya.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lqpksm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lptdlhqltgj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lnuzijew
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lnm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lmti
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lmkwvtfa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lljl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lklnirnii
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\litvwn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\liif.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lhlcj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lffhqjpt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lfdwrke
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lex.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lervczxc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lepkgvz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ldypa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ldna.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\lbial
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kza
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kykkyyjuomq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kxfziwiehxe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ktkvvqws.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kppamcnflm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kokjkgnayl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\knkpjcuzkb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\knk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kmgbr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kkxlvn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kkrk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kjvzwobzke.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kjvgkvsar
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kjj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\khzpcmbe
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kgqeevfnt.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kfzlj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kfkegdfzsmf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kffzqte
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kdi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kcd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kblu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kagoeryt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\kaddzumq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jxvemnjznu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jxqxva.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jvpytddxshm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jvanbm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\junn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jtdznq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jsslx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jsgzsb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jscxtijpp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jresfclof
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jmpx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jkne
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jhvyfmljeob
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jfuwpyqkkiu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jfilvhux
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jes
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jeoc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jecbuzopv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jdlshte
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jclas
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\jazdltqdat.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iyao
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ixrmyzmuf.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ivz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iuzsgndntd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\itshnv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ithugwck.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\isnvgwxvzx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ipldozicq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ipdnxhip
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iooy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iobspad
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\imisiwl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ilppyukvb.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ikvd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ikugogpknz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ikitzfwrlzd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ihxkhtew
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\igy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\igwyc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifwyys
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifvbafbi.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifhfyantlzc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ifh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iecx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\idzfxu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iduxw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ict.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ibqvywo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\iarssnndg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hzooveshuhi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hznd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hxpuo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hxokmtz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hwsfdvw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hvbzrysf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hulemjbpzih.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\huiqk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\htzs.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\htubwk.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\htmhmor
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hsxps
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hrqwp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hrfumedgw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hqwxnfwmq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hqofa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hoboh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hmzimwaq.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hiushfclfla.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\higwf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hhxjfatux.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hgu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hgdxppghmnp.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hfbtzuzg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hfaptb.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hbqnkzjqm.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\hbduxvmv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gzswrdxw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gxveh.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gxiglgpq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gwyphivwam
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gwegf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gwcogj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gvsgjc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gtkrjpla
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gsztiwpu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gswxesatox.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gswssvrjl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gqr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gksspjwk.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gjrxn.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gityrsbrb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\giemuzl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ghgeryzg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ghdvcccqxcv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ggjxmqh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gfgr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gecrm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gdsbvd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gck
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gcgii.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gbx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\gazeenlg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ganwg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fzzu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fyvyvw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fxwpiwys
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fxhn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fsopbrrnag
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fsjfcnvfjr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\frznpwqgbxt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fqat.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fonbotjzdzr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fnyj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fnxe.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fnwncbqssp.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fmlgoxxnn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fkuuzbgv.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fjpkjgod
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fhsongrcc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fhg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fhagevihj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\fcibhhrxsu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ezafudvoiyt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\evpk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eswjlbv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\erauoi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eqartqwjeg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\epvvbcvej
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\epuzw.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eng
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eiwxqfsa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ehe.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\egskehx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\egeegu
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\efwxeovrva
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eesejbzog.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eebifxejokv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\edsljcdivuy.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\edovnmlhmu.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ecqooiby
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ebwmf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ebeblkboibi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\eafryqglx
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dzna
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dxrnzku.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dtxfol
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dqeavzgp.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dqajfj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dpfrqyaznoo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dows
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dogequdlcho
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dmuuqmc.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dmtlsnues.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dkfd.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\djzobvavx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dizbniz.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dgppwo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dgckkqqq.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dfswulgomz.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dfol.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dfdenbmhi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\detwvkklv.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\defhdp.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\dbsbm
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\daltzc
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\daflhn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cxoab
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cwr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ctxnogspj.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ctsn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cqbt.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cprceg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cntaml.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cjsvjsn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cixpn
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\civwzqm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cheng.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cguaohd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cfclssx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cdntf.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cbqynozbpo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cbgvboorrjj.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\cakqt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bzyz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bzkhikmncyf
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\byoqvakieh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bycuny
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bxqecmpfn.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bulcyfilrrd.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bsxkwl.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bsmobir.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bpajjydv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bmpedqmgmxo
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\blxcchdo.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bloulzqvnrd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bfsdlrscmiv
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\betjex.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\bacdzugy
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\azuxhafgo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\azepwokxctz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ayyyufnvi.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\axxvniyw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\auqopa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\auemdu.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aso.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\arsimaqa
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\arembuqqlhl.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aqluxxpvzxz
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\apluecjxljh.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aotnjwxb.xml
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\alswcpnkwg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\alpzadzk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\akophcvl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\akjgqsepny.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ajnzyssdz.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ajfm.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aihwg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\ahlkupje
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\agd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\afocvlmwd
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aesvs.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\adpgegoatcl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aclcvmx.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\abqj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\SysWOW64\aaydghedumh
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\rnni.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\refyhravcw.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\qgqkumwr.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\pxluctu.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\pnaphwmzlgp
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\oaap
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\nhs
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\lzuovdq
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\lyi
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\lqrbl
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\kragnbr.dat
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\jnpltjziixr
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\iurduaasebj
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\hihw
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\grgqrvb
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\fas.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\err.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\ejxebk
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\eewo.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\ecisfvuhpa.ini
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\dwbwxg
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\dehidfjtpt
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\cpznhdhikek
2015-12-20 00:46 - 2015-12-20 00:46 - 00000032 _____ C:\Windows\baxqskha.dat
C:\Users\USER\AppData\Local\Temp\GURB97C.exe
C:\Users\USER\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll
C:\Users\USER\AppData\Local\Temp\{B4187E8C-C594-4F26-805E-A4AE556DD017}.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKU\S-1-5-21-921485403-2575864937-4210904776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cf7069-67f0-11e5-8252-9457a5ac2e58}" => key removed successfully
HKCR\CLSID\{20cf7069-67f0-11e5-8252-9457a5ac2e58} => key not found.
"HKU\S-1-5-21-921485403-2575864937-4210904776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cf70c9-67f0-11e5-8252-9457a5ac2e58}" => key removed successfully
HKCR\CLSID\{20cf70c9-67f0-11e5-8252-9457a5ac2e58} => key not found.
"HKU\S-1-5-21-921485403-2575864937-4210904776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cf729d-67f0-11e5-8252-9457a5ac2e58}" => key removed successfully
HKCR\CLSID\{20cf729d-67f0-11e5-8252-9457a5ac2e58} => key not found.
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
AvgAMPS => service not found.
avgfws => service not found.
AVGIDSAgent => service not found.
avgsvc => service removed successfully
avgwd => service not found.
Avgboota => service not found.
Avgdiska => service not found.
Avgfwfd => service not found.
AVGIDSDriver => service not found.
AVGIDSHA => service not found.
Avgldx64 => service not found.
Avgloga => service not found.
Avgmfx64 => service not found.
Avgrkx64 => service not found.
Avgwfpa => service not found.
C:\Windows\System32\Tasks\NCH Software => moved successfully
C:\Users\USER\AppData\Roaming\NCH Software => moved successfully
C:\ProgramData\NCH Software => moved successfully
C:\Program Files (x86)\NCH Software => moved successfully
"C:\Users\USER\AppData\Roaming\BitTorrent" => not found.
"HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}" => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => key could not remove.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => key could not remove.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => key could not remove.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PSUAService => key could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65B02B9A-D9BD-4D2B-ADD6-3A2D4C431ED9} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7573F698-6F47-409F-A247-BD2BC18B7A2E} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{725D5986-EDC1-4A9A-88E1-C4D778D88E89} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0DD2FEC-025D-42C8-8DD3-580FEBC94806} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FDE70D1-E351-49FD-A00C-53EE9D783972} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8808E18-5AA4-4CDB-8595-89D8C766275E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6FBF3A8F-F5EE-4707-A186-55CF80C241E7} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10E44CA7-8E84-497C-BD30-E93A40B2778D} => value not found.
C:\Windows\zwjvhcytwbc => moved successfully
C:\Windows\xibfo.dat => moved successfully
C:\Windows\uivgphjr => moved successfully
C:\Windows\tzhdw => moved successfully
C:\Windows\togl => moved successfully
C:\Windows\tnlcyha => moved successfully
C:\Windows\SysWOW64\zzmbkjttcv.ini => moved successfully
C:\Windows\SysWOW64\zyowns => moved successfully
C:\Windows\SysWOW64\zyadeizbstq.ini => moved successfully
C:\Windows\SysWOW64\zxykwvw => moved successfully
C:\Windows\SysWOW64\zxntsmpkns => moved successfully
C:\Windows\SysWOW64\zxlhpcxet => moved successfully
C:\Windows\SysWOW64\zvybg => moved successfully
C:\Windows\SysWOW64\zvxxfsps => moved successfully
C:\Windows\SysWOW64\zvxuplfqaiv.dat => moved successfully
C:\Windows\SysWOW64\zufsomdnqb => moved successfully
C:\Windows\SysWOW64\zprns => moved successfully
C:\Windows\SysWOW64\zph => moved successfully
C:\Windows\SysWOW64\znubd => moved successfully
C:\Windows\SysWOW64\zmulmsalvp.ini => moved successfully
C:\Windows\SysWOW64\zmpm.dat => moved successfully
C:\Windows\SysWOW64\zlvlgaoro.dat => moved successfully
C:\Windows\SysWOW64\zkvadtmlfi => moved successfully
C:\Windows\SysWOW64\zkgl => moved successfully
C:\Windows\SysWOW64\zhbezzk.ini => moved successfully
C:\Windows\SysWOW64\zgtn.dat => moved successfully
C:\Windows\SysWOW64\zgdzvuq => moved successfully
C:\Windows\SysWOW64\zfxbo => moved successfully
C:\Windows\SysWOW64\zerryde => moved successfully
C:\Windows\SysWOW64\zdo => moved successfully
C:\Windows\SysWOW64\zbu.ini => moved successfully
C:\Windows\SysWOW64\zayfbnltwb => moved successfully
C:\Windows\SysWOW64\yzvlitevcp => moved successfully
C:\Windows\SysWOW64\yztg.dat => moved successfully
C:\Windows\SysWOW64\ywjmsytb => moved successfully
C:\Windows\SysWOW64\ywcotf.ini => moved successfully
C:\Windows\SysWOW64\yueiza => moved successfully
C:\Windows\SysWOW64\yrvdebxgrzt => moved successfully
C:\Windows\SysWOW64\yruogei.ini => moved successfully
C:\Windows\SysWOW64\yqwnxmuqkr.ini => moved successfully
C:\Windows\SysWOW64\yqjwaqwjrgn => moved successfully
C:\Windows\SysWOW64\ypwgam => moved successfully
C:\Windows\SysWOW64\ypn => moved successfully
C:\Windows\SysWOW64\ypb => moved successfully
C:\Windows\SysWOW64\ynbpico.ini => moved successfully
C:\Windows\SysWOW64\yjbyky => moved successfully
C:\Windows\SysWOW64\yifbtom => moved successfully
C:\Windows\SysWOW64\yhvfljhx => moved successfully
C:\Windows\SysWOW64\yft.ini => moved successfully
C:\Windows\SysWOW64\yfguqg.dat => moved successfully
C:\Windows\SysWOW64\yfddtyco.ini => moved successfully
C:\Windows\SysWOW64\yeubbz => moved successfully
C:\Windows\SysWOW64\yeqc.ini => moved successfully
C:\Windows\SysWOW64\ybnso => moved successfully
C:\Windows\SysWOW64\ybcwdcj.ini => moved successfully
C:\Windows\SysWOW64\yajdu => moved successfully
C:\Windows\SysWOW64\yacxpunyz => moved successfully
C:\Windows\SysWOW64\xxfxt => moved successfully
C:\Windows\SysWOW64\xwolbkcl => moved successfully
C:\Windows\SysWOW64\xwfjdkdtixu => moved successfully
C:\Windows\SysWOW64\xuyoohmb => moved successfully
C:\Windows\SysWOW64\xsdi => moved successfully
C:\Windows\SysWOW64\xrjnqaxgslz => moved successfully
C:\Windows\SysWOW64\xrjmwls.ini => moved successfully
C:\Windows\SysWOW64\xratz.ini => moved successfully
C:\Windows\SysWOW64\xogeiasqdx => moved successfully
C:\Windows\SysWOW64\xnrwoffi.ini => moved successfully
C:\Windows\SysWOW64\xnaaiqyn => moved successfully
C:\Windows\SysWOW64\xlaoaq => moved successfully
C:\Windows\SysWOW64\xkiazoygsu.dat => moved successfully
C:\Windows\SysWOW64\xivldzk => moved successfully
C:\Windows\SysWOW64\xitroqxj.dat => moved successfully
C:\Windows\SysWOW64\xhxj.ini => moved successfully
C:\Windows\SysWOW64\xhliavnncf.ini => moved successfully
C:\Windows\SysWOW64\xhjvdk => moved successfully
C:\Windows\SysWOW64\xhi.dat => moved successfully
C:\Windows\SysWOW64\xhepiahgu.ini => moved successfully
C:\Windows\SysWOW64\xfor.dat => moved successfully
C:\Windows\SysWOW64\xei.ini => moved successfully
C:\Windows\SysWOW64\xdu.dat => moved successfully
C:\Windows\SysWOW64\xdnu => moved successfully
C:\Windows\SysWOW64\xbwudob.ini => moved successfully
C:\Windows\SysWOW64\xbeumyws.ini => moved successfully
C:\Windows\SysWOW64\xabxrnwognq.ini => moved successfully
C:\Windows\SysWOW64\wztapis.ini => moved successfully
C:\Windows\SysWOW64\wvpmojcpagc.ini => moved successfully
C:\Windows\SysWOW64\wvmaql.ini => moved successfully
C:\Windows\SysWOW64\wuienx.ini => moved successfully
C:\Windows\SysWOW64\wtkvqxla.ini => moved successfully
C:\Windows\SysWOW64\wriuwbh => moved successfully
C:\Windows\SysWOW64\wrfmrz => moved successfully
C:\Windows\SysWOW64\wqnbogohpa => moved successfully
C:\Windows\SysWOW64\wpushbesv => moved successfully
C:\Windows\SysWOW64\wpa => moved successfully
C:\Windows\SysWOW64\wooq => moved successfully
C:\Windows\SysWOW64\wnzrlwgymia => moved successfully
C:\Windows\SysWOW64\wnwpuad => moved successfully
C:\Windows\SysWOW64\wnwis => moved successfully
C:\Windows\SysWOW64\wmsxmgb => moved successfully
C:\Windows\SysWOW64\wmcwjfwebcg.dat => moved successfully
C:\Windows\SysWOW64\wmcbsqz => moved successfully
C:\Windows\SysWOW64\wmaeoulj.ini => moved successfully
C:\Windows\SysWOW64\wltgfaapaxg => moved successfully
C:\Windows\SysWOW64\wlagsxpfnjc => moved successfully
C:\Windows\SysWOW64\wkaig => moved successfully
C:\Windows\SysWOW64\wjjkwjxof.dat => moved successfully
C:\Windows\SysWOW64\wjd.ini => moved successfully
C:\Windows\SysWOW64\wio => moved successfully
C:\Windows\SysWOW64\winwis => moved successfully
C:\Windows\SysWOW64\wgjy => moved successfully
C:\Windows\SysWOW64\wgfzxqxc.dat => moved successfully
C:\Windows\SysWOW64\wgekhz => moved successfully
C:\Windows\SysWOW64\wchut => moved successfully
C:\Windows\SysWOW64\wbyqcoru => moved successfully
C:\Windows\SysWOW64\vylysjgigsp => moved successfully
C:\Windows\SysWOW64\vydky => moved successfully
C:\Windows\SysWOW64\vxamvnvecd => moved successfully
C:\Windows\SysWOW64\vwx.ini => moved successfully
C:\Windows\SysWOW64\vwvpxtf.dat => moved successfully
C:\Windows\SysWOW64\vuzy.ini => moved successfully
C:\Windows\SysWOW64\vutlo => moved successfully
C:\Windows\SysWOW64\vtccpjjxhbl.ini => moved successfully
C:\Windows\SysWOW64\vrt => moved successfully
C:\Windows\SysWOW64\vrb => moved successfully
C:\Windows\SysWOW64\vqzkhuu => moved successfully
C:\Windows\SysWOW64\vpymgh.ini => moved successfully
C:\Windows\SysWOW64\vlzenqzgwi => moved successfully
C:\Windows\SysWOW64\vlv => moved successfully
C:\Windows\SysWOW64\vltbvctcek => moved successfully
C:\Windows\SysWOW64\vlhw => moved successfully
C:\Windows\SysWOW64\vky.dat => moved successfully
C:\Windows\SysWOW64\vhuya => moved successfully
C:\Windows\SysWOW64\vhgdwwy.ini => moved successfully
C:\Windows\SysWOW64\vgkauki => moved successfully
C:\Windows\SysWOW64\vexcv.ini => moved successfully
C:\Windows\SysWOW64\vekhfmquvd.dat => moved successfully
C:\Windows\SysWOW64\vedcfvtun => moved successfully
C:\Windows\SysWOW64\vcwbqe => moved successfully
C:\Windows\SysWOW64\uykjvcews => moved successfully
C:\Windows\SysWOW64\uvhkeoo.dat => moved successfully
C:\Windows\SysWOW64\uuknvmo.ini => moved successfully
C:\Windows\SysWOW64\usbsjhq => moved successfully
C:\Windows\SysWOW64\urupvqobgah => moved successfully
C:\Windows\SysWOW64\urfoeuqrrvx => moved successfully
C:\Windows\SysWOW64\upwhfcfpq => moved successfully
C:\Windows\SysWOW64\upqsk.dat => moved successfully
C:\Windows\SysWOW64\umckcky => moved successfully
C:\Windows\SysWOW64\umblkiu => moved successfully
C:\Windows\SysWOW64\ukqsipcp => moved successfully
C:\Windows\SysWOW64\ujurc => moved successfully
C:\Windows\SysWOW64\ujupkolaxz.ini => moved successfully
C:\Windows\SysWOW64\ujmb => moved successfully
C:\Windows\SysWOW64\ujemlvpjgb => moved successfully
C:\Windows\SysWOW64\uilhoi.dat => moved successfully
C:\Windows\SysWOW64\uhgxcxne.ini => moved successfully
C:\Windows\SysWOW64\ugh.ini => moved successfully
C:\Windows\SysWOW64\udixx.ini => moved successfully
C:\Windows\SysWOW64\ubomomrwsdk.dat => moved successfully
C:\Windows\SysWOW64\uaqqwmjt.ini => moved successfully
C:\Windows\SysWOW64\txkpazbbtc => moved successfully
C:\Windows\SysWOW64\tvumtdvg => moved successfully
C:\Windows\SysWOW64\tviuuwtwvs => moved successfully
C:\Windows\SysWOW64\tubh.ini => moved successfully
C:\Windows\SysWOW64\tttpgilubhz.ini => moved successfully
C:\Windows\SysWOW64\trpcwzo => moved successfully
C:\Windows\SysWOW64\trjhziwhqax => moved successfully
C:\Windows\SysWOW64\tqkrkktdw => moved successfully
C:\Windows\SysWOW64\tplabizkfi => moved successfully
C:\Windows\SysWOW64\tparier => moved successfully
C:\Windows\SysWOW64\tmksiwyo.ini => moved successfully
C:\Windows\SysWOW64\tmiduq => moved successfully
C:\Windows\SysWOW64\tmhmpisgrjb => moved successfully
C:\Windows\SysWOW64\tjerrruiu.ini => moved successfully
C:\Windows\SysWOW64\tixbprzs.dat => moved successfully
C:\Windows\SysWOW64\tgysztaa.ini => moved successfully
C:\Windows\SysWOW64\tgp.dat => moved successfully
C:\Windows\SysWOW64\teatwcjgoq => moved successfully
C:\Windows\SysWOW64\tcu.ini => moved successfully
C:\Windows\SysWOW64\szanch.dat => moved successfully
C:\Windows\SysWOW64\sxngztzr => moved successfully
C:\Windows\SysWOW64\swucw => moved successfully
C:\Windows\SysWOW64\swrosmstc.ini => moved successfully
C:\Windows\SysWOW64\swmx.dat => moved successfully
C:\Windows\SysWOW64\svh.dat => moved successfully
C:\Windows\SysWOW64\surl.ini => moved successfully
C:\Windows\SysWOW64\strlohjio => moved successfully
C:\Windows\SysWOW64\sthnpbr.ini => moved successfully
C:\Windows\SysWOW64\srt.ini => moved successfully
C:\Windows\SysWOW64\srceeuuzog => moved successfully
C:\Windows\SysWOW64\sqrvkkbktxz.dat => moved successfully
C:\Windows\SysWOW64\sntlrnm.dat => moved successfully
C:\Windows\SysWOW64\slvwlpnaqo => moved successfully
C:\Windows\SysWOW64\slfzi.ini => moved successfully
C:\Windows\SysWOW64\skjqlknoa.ini => moved successfully
C:\Windows\SysWOW64\skcx.dat => moved successfully
C:\Windows\SysWOW64\sjzadmi.ini => moved successfully
C:\Windows\SysWOW64\sjfso => moved successfully
C:\Windows\SysWOW64\sghtkpu => moved successfully
C:\Windows\SysWOW64\sfxzlgg => moved successfully
C:\Windows\SysWOW64\sfsz.dat => moved successfully
C:\Windows\SysWOW64\sbm => moved successfully
C:\Windows\SysWOW64\sao => moved successfully
C:\Windows\SysWOW64\rzyxt => moved successfully
C:\Windows\SysWOW64\rzuc.ini => moved successfully
C:\Windows\SysWOW64\rybqxma => moved successfully
C:\Windows\SysWOW64\rxlxmq => moved successfully
C:\Windows\SysWOW64\rwwmb => moved successfully
C:\Windows\SysWOW64\rwumiig => moved successfully
C:\Windows\SysWOW64\rvitifkhda.ini => moved successfully
C:\Windows\SysWOW64\ruwy.dat => moved successfully
C:\Windows\SysWOW64\rumiqlhw.dat => moved successfully
C:\Windows\SysWOW64\rtssxvscl => moved successfully
C:\Windows\SysWOW64\rtsquze.dat => moved successfully
C:\Windows\SysWOW64\rrbddpfknf => moved successfully
C:\Windows\SysWOW64\rquw => moved successfully
C:\Windows\SysWOW64\rpz.ini => moved successfully
C:\Windows\SysWOW64\rnixg => moved successfully
C:\Windows\SysWOW64\rnaxcorvnpm.ini => moved successfully
C:\Windows\SysWOW64\rmkgnn.ini => moved successfully
C:\Windows\SysWOW64\rlxrf => moved successfully
C:\Windows\SysWOW64\rkdkyehqiv => moved successfully
C:\Windows\SysWOW64\rjzxhrd => moved successfully
C:\Windows\SysWOW64\rilkwzwyil.xml => moved successfully
C:\Windows\SysWOW64\riffaw.ini => moved successfully
C:\Windows\SysWOW64\rifbww.ini => moved successfully
C:\Windows\SysWOW64\rhw.dat => moved successfully
C:\Windows\SysWOW64\rhrrf => moved successfully
C:\Windows\SysWOW64\rfmfahwb => moved successfully
C:\Windows\SysWOW64\rfbddh.dat => moved successfully
C:\Windows\SysWOW64\rex.dat => moved successfully
C:\Windows\SysWOW64\rckntimj.dat => moved successfully
C:\Windows\SysWOW64\rbw => moved successfully
C:\Windows\SysWOW64\rbou.dat => moved successfully
C:\Windows\SysWOW64\rbc => moved successfully
C:\Windows\SysWOW64\qzegqoobxiy.ini => moved successfully
C:\Windows\SysWOW64\qxbus.dat => moved successfully
C:\Windows\SysWOW64\qwdspx => moved successfully
C:\Windows\SysWOW64\qvt => moved successfully
C:\Windows\SysWOW64\quqsl => moved successfully
C:\Windows\SysWOW64\qttwzyei.dat => moved successfully
C:\Windows\SysWOW64\qswzofzltsi => moved successfully
C:\Windows\SysWOW64\qsopsnklrnj.dat => moved successfully
C:\Windows\SysWOW64\qrpcq.dat => moved successfully
C:\Windows\SysWOW64\qqqt.ini => moved successfully
C:\Windows\SysWOW64\qqqewpfdl.ini => moved successfully
C:\Windows\SysWOW64\qqmnchoguw => moved successfully
C:\Windows\SysWOW64\qpghwlpi.ini => moved successfully
C:\Windows\SysWOW64\qogqdj => moved successfully
C:\Windows\SysWOW64\qnretzig.ini => moved successfully
C:\Windows\SysWOW64\qncintxhpbv => moved successfully
C:\Windows\SysWOW64\qmlr => moved successfully
C:\Windows\SysWOW64\qldlx => moved successfully
C:\Windows\SysWOW64\qjhrojfdm => moved successfully
C:\Windows\SysWOW64\qhyfrlwcpck => moved successfully
C:\Windows\SysWOW64\qheefqe.dat => moved successfully
C:\Windows\SysWOW64\qebywplco => moved successfully
C:\Windows\SysWOW64\qcyfwezkrw => moved successfully
C:\Windows\SysWOW64\qcw => moved successfully
C:\Windows\SysWOW64\qbvhrrhf => moved successfully
C:\Windows\SysWOW64\qbt => moved successfully
C:\Windows\SysWOW64\qbqeurlah => moved successfully
C:\Windows\SysWOW64\qbdvroefxtf.ini => moved successfully
C:\Windows\SysWOW64\qayekwvmsh => moved successfully
C:\Windows\SysWOW64\pwlwjlqf => moved successfully
C:\Windows\SysWOW64\pwalonerzam => moved successfully
C:\Windows\SysWOW64\pwa => moved successfully
C:\Windows\SysWOW64\pvsbacopgo.ini => moved successfully
C:\Windows\SysWOW64\puxozpwjj.dat => moved successfully
C:\Windows\SysWOW64\ptuhkoey => moved successfully
C:\Windows\SysWOW64\ptfcgaof.dat => moved successfully
C:\Windows\SysWOW64\ptcwmepfq.xml => moved successfully
C:\Windows\SysWOW64\psxulyb.ini => moved successfully
C:\Windows\SysWOW64\psuezqksw.dat => moved successfully
C:\Windows\SysWOW64\pqognjycvt.dat => moved successfully
C:\Windows\SysWOW64\pqjjgvrcrr.ini => moved successfully
C:\Windows\SysWOW64\ppmurgqnqi => moved successfully
C:\Windows\SysWOW64\pplmagu.ini => moved successfully
C:\Windows\SysWOW64\pjtdqi.ini => moved successfully
C:\Windows\SysWOW64\pjjipw => moved successfully
C:\Windows\SysWOW64\phcioojd.ini => moved successfully
C:\Windows\SysWOW64\pgsh => moved successfully
C:\Windows\SysWOW64\pgmxllhrgl => moved successfully
C:\Windows\SysWOW64\pffkxpns => moved successfully
C:\Windows\SysWOW64\pepxq => moved successfully
C:\Windows\SysWOW64\pefaimbebk.ini => moved successfully
C:\Windows\SysWOW64\pedcjlq.ini => moved successfully
C:\Windows\SysWOW64\pdqrcouep => moved successfully
C:\Windows\SysWOW64\pctk => moved successfully
C:\Windows\SysWOW64\pcpmvigyknw.dat => moved successfully
C:\Windows\SysWOW64\pcnbisr => moved successfully
C:\Windows\SysWOW64\pclkwlz.ini => moved successfully
C:\Windows\SysWOW64\pbzcnzjjax => moved successfully
C:\Windows\SysWOW64\pathdekgnl.dat => moved successfully
C:\Windows\SysWOW64\oylo => moved successfully
C:\Windows\SysWOW64\oybbndhpat => moved successfully
C:\Windows\SysWOW64\oxxpcqneqfk.dat => moved successfully
C:\Windows\SysWOW64\oxsta => moved successfully
C:\Windows\SysWOW64\ousspnt.ini => moved successfully
C:\Windows\SysWOW64\ourtunrnnc => moved successfully
C:\Windows\SysWOW64\otvbczqzr.dat => moved successfully
C:\Windows\SysWOW64\otorwgb.ini => moved successfully
C:\Windows\SysWOW64\otngpkqlgc => moved successfully
C:\Windows\SysWOW64\oqljnan => moved successfully
C:\Windows\SysWOW64\oqipw => moved successfully
C:\Windows\SysWOW64\opnaypiuh => moved successfully
C:\Windows\SysWOW64\opn => moved successfully
C:\Windows\SysWOW64\oofzxmm.dat => moved successfully
C:\Windows\SysWOW64\oofsbkfk.ini => moved successfully
C:\Windows\SysWOW64\oocihv => moved successfully
C:\Windows\SysWOW64\ooaomuyhvz.ini => moved successfully
C:\Windows\SysWOW64\onuhfaqdr.dat => moved successfully
C:\Windows\SysWOW64\omgkwcqmzh => moved successfully
C:\Windows\SysWOW64\olwz => moved successfully
C:\Windows\SysWOW64\olvkvxg => moved successfully
C:\Windows\SysWOW64\olhitsu => moved successfully
C:\Windows\SysWOW64\olhdsirhbjm.dat => moved successfully
C:\Windows\SysWOW64\olcfhmx.ini => moved successfully
C:\Windows\SysWOW64\okbzdweogsf.ini => moved successfully
C:\Windows\SysWOW64\ojlw => moved successfully
C:\Windows\SysWOW64\oicryjbsxhd.ini => moved successfully
C:\Windows\SysWOW64\ohfmfxmgnvd => moved successfully
C:\Windows\SysWOW64\ogn.ini => moved successfully
C:\Windows\SysWOW64\ogknbwh.ini => moved successfully
C:\Windows\SysWOW64\odpeuveeirg => moved successfully
C:\Windows\SysWOW64\odklrkid => moved successfully
C:\Windows\SysWOW64\odieozehykz => moved successfully
C:\Windows\SysWOW64\ocduhsoaeky.ini => moved successfully
C:\Windows\SysWOW64\obfbsckxiuv => moved successfully
C:\Windows\SysWOW64\nysjggwyrz => moved successfully
C:\Windows\SysWOW64\nybrohbe => moved successfully
C:\Windows\SysWOW64\nvolurg => moved successfully
C:\Windows\SysWOW64\nvdkhnrqwn => moved successfully
C:\Windows\SysWOW64\ntpp.ini => moved successfully
C:\Windows\SysWOW64\nreadmitf => moved successfully
C:\Windows\SysWOW64\nqxtrw => moved successfully
C:\Windows\SysWOW64\npx => moved successfully
C:\Windows\SysWOW64\npuailglpt.dat => moved successfully
C:\Windows\SysWOW64\noyqt => moved successfully
C:\Windows\SysWOW64\nnzey => moved successfully
C:\Windows\SysWOW64\nlzvfpgxhuw.xml => moved successfully
C:\Windows\SysWOW64\netcd.ini => moved successfully
C:\Windows\SysWOW64\ndpxrjvfik.dat => moved successfully
C:\Windows\SysWOW64\narceunvfsr.ini => moved successfully
C:\Windows\SysWOW64\mzquaye => moved successfully
C:\Windows\SysWOW64\mxdvmytw.ini => moved successfully
C:\Windows\SysWOW64\mwzhlh.ini => moved successfully
C:\Windows\SysWOW64\mwuwz.dat => moved successfully
C:\Windows\SysWOW64\mvxgdkyrjxt => moved successfully
C:\Windows\SysWOW64\mvhxlyyr.dat => moved successfully
C:\Windows\SysWOW64\mvfhxic => moved successfully
C:\Windows\SysWOW64\msbwl => moved successfully
C:\Windows\SysWOW64\mrprxeehpe => moved successfully
C:\Windows\SysWOW64\mpvauzxwdz => moved successfully
C:\Windows\SysWOW64\mpuqpwyjjoe.ini => moved successfully
C:\Windows\SysWOW64\mpr => moved successfully
C:\Windows\SysWOW64\mlfml.ini => moved successfully
C:\Windows\SysWOW64\mkyszmt => moved successfully
C:\Windows\SysWOW64\minowwpnhw.dat => moved successfully
C:\Windows\SysWOW64\mimsxzkfsba => moved successfully
C:\Windows\SysWOW64\mhymnl.ini => moved successfully
C:\Windows\SysWOW64\mhefcltipun.ini => moved successfully
C:\Windows\SysWOW64\mftkul => moved successfully
C:\Windows\SysWOW64\mfpfkyzrxe => moved successfully
C:\Windows\SysWOW64\mflohpswrxl.dat => moved successfully
C:\Windows\SysWOW64\mcrrrdylbyb.dat => moved successfully
C:\Windows\SysWOW64\mbufohzbd.dat => moved successfully
C:\Windows\SysWOW64\mbpbf.ini => moved successfully
C:\Windows\SysWOW64\mbcuyqp => moved successfully
C:\Windows\SysWOW64\maynwlp.ini => moved successfully
C:\Windows\SysWOW64\lzjqvgauzfs => moved successfully
C:\Windows\SysWOW64\lxjydaq.dat => moved successfully
C:\Windows\SysWOW64\lwohwwxa => moved successfully
C:\Windows\SysWOW64\lwcnbd.ini => moved successfully
C:\Windows\SysWOW64\lvzw.dat => moved successfully
C:\Windows\SysWOW64\lvjfqnrfy.dat => moved successfully
C:\Windows\SysWOW64\ltm => moved successfully
C:\Windows\SysWOW64\ltcbbxm => moved successfully
C:\Windows\SysWOW64\lrwldsbcq => moved successfully
C:\Windows\SysWOW64\lrotxpqhol => moved successfully
C:\Windows\SysWOW64\lqya.dat => moved successfully
C:\Windows\SysWOW64\lqpksm => moved successfully
C:\Windows\SysWOW64\lptdlhqltgj => moved successfully
C:\Windows\SysWOW64\lnuzijew => moved successfully
C:\Windows\SysWOW64\lnm.ini => moved successfully
C:\Windows\SysWOW64\lmti => moved successfully
C:\Windows\SysWOW64\lmkwvtfa.ini => moved successfully
C:\Windows\SysWOW64\lljl => moved successfully
C:\Windows\SysWOW64\lklnirnii => moved successfully
C:\Windows\SysWOW64\litvwn => moved successfully
C:\Windows\SysWOW64\liif.ini => moved successfully
C:\Windows\SysWOW64\lhlcj.ini => moved successfully
C:\Windows\SysWOW64\lffhqjpt.dat => moved successfully
C:\Windows\SysWOW64\lfdwrke => moved successfully
C:\Windows\SysWOW64\lex.dat => moved successfully
C:\Windows\SysWOW64\lervczxc => moved successfully
C:\Windows\SysWOW64\lepkgvz => moved successfully
C:\Windows\SysWOW64\ldypa => moved successfully
C:\Windows\SysWOW64\ldna.ini => moved successfully
C:\Windows\SysWOW64\lbial => moved successfully
C:\Windows\SysWOW64\kza => moved successfully
C:\Windows\SysWOW64\kykkyyjuomq => moved successfully
C:\Windows\SysWOW64\kxfziwiehxe => moved successfully
C:\Windows\SysWOW64\ktkvvqws.dat => moved successfully
C:\Windows\SysWOW64\kppamcnflm.dat => moved successfully
C:\Windows\SysWOW64\kokjkgnayl.dat => moved successfully
C:\Windows\SysWOW64\knkpjcuzkb => moved successfully
C:\Windows\SysWOW64\knk.ini => moved successfully
C:\Windows\SysWOW64\kmgbr => moved successfully
C:\Windows\SysWOW64\kkxlvn => moved successfully
C:\Windows\SysWOW64\kkrk.ini => moved successfully
C:\Windows\SysWOW64\kjvzwobzke.ini => moved successfully
C:\Windows\SysWOW64\kjvgkvsar => moved successfully
C:\Windows\SysWOW64\kjj => moved successfully
C:\Windows\SysWOW64\khzpcmbe => moved successfully
C:\Windows\SysWOW64\kgqeevfnt.dat => moved successfully
C:\Windows\SysWOW64\kfzlj => moved successfully
C:\Windows\SysWOW64\kfkegdfzsmf.dat => moved successfully
C:\Windows\SysWOW64\kffzqte => moved successfully
C:\Windows\SysWOW64\kdi => moved successfully
C:\Windows\SysWOW64\kcd => moved successfully
C:\Windows\SysWOW64\kblu.ini => moved successfully
C:\Windows\SysWOW64\kagoeryt => moved successfully
C:\Windows\SysWOW64\kaddzumq.ini => moved successfully
C:\Windows\SysWOW64\jxvemnjznu => moved successfully
C:\Windows\SysWOW64\jxqxva.ini => moved successfully
C:\Windows\SysWOW64\jvpytddxshm.ini => moved successfully
C:\Windows\SysWOW64\jvanbm.ini => moved successfully
C:\Windows\SysWOW64\junn => moved successfully
C:\Windows\SysWOW64\jtdznq => moved successfully
C:\Windows\SysWOW64\jsslx => moved successfully
C:\Windows\SysWOW64\jsgzsb => moved successfully
C:\Windows\SysWOW64\jscxtijpp.ini => moved successfully
C:\Windows\SysWOW64\jresfclof => moved successfully
C:\Windows\SysWOW64\jmpx => moved successfully
C:\Windows\SysWOW64\jkne => moved successfully
C:\Windows\SysWOW64\jhvyfmljeob => moved successfully
C:\Windows\SysWOW64\jfuwpyqkkiu => moved successfully
C:\Windows\SysWOW64\jfilvhux => moved successfully
C:\Windows\SysWOW64\jes => moved successfully
C:\Windows\SysWOW64\jeoc => moved successfully
C:\Windows\SysWOW64\jecbuzopv.ini => moved successfully
C:\Windows\SysWOW64\jdlshte => moved successfully
C:\Windows\SysWOW64\jclas => moved successfully
C:\Windows\SysWOW64\jazdltqdat.ini => moved successfully
C:\Windows\SysWOW64\iyao => moved successfully
C:\Windows\SysWOW64\ixrmyzmuf.ini => moved successfully
C:\Windows\SysWOW64\ivz.ini => moved successfully
C:\Windows\SysWOW64\iuzsgndntd => moved successfully
C:\Windows\SysWOW64\itshnv.ini => moved successfully
C:\Windows\SysWOW64\ithugwck.dat => moved successfully
C:\Windows\SysWOW64\isnvgwxvzx.ini => moved successfully
C:\Windows\SysWOW64\ipldozicq => moved successfully
C:\Windows\SysWOW64\ipdnxhip => moved successfully
C:\Windows\SysWOW64\iooy => moved successfully
C:\Windows\SysWOW64\iobspad => moved successfully
C:\Windows\SysWOW64\imisiwl.ini => moved successfully
C:\Windows\SysWOW64\ilppyukvb.ini => moved successfully
C:\Windows\SysWOW64\ikvd.ini => moved successfully
C:\Windows\SysWOW64\ikugogpknz => moved successfully
C:\Windows\SysWOW64\ikitzfwrlzd => moved successfully
C:\Windows\SysWOW64\ihxkhtew => moved successfully
C:\Windows\SysWOW64\igy => moved successfully
C:\Windows\SysWOW64\igwyc => moved successfully
C:\Windows\SysWOW64\ifwyys => moved successfully
C:\Windows\SysWOW64\ifvbafbi.dat => moved successfully
C:\Windows\SysWOW64\ifhfyantlzc => moved successfully
C:\Windows\SysWOW64\ifh => moved successfully
C:\Windows\SysWOW64\iecx => moved successfully
C:\Windows\SysWOW64\idzfxu => moved successfully
C:\Windows\SysWOW64\iduxw.ini => moved successfully
C:\Windows\SysWOW64\ict.ini => moved successfully
C:\Windows\SysWOW64\ibqvywo.ini => moved successfully
C:\Windows\SysWOW64\iarssnndg => moved successfully
C:\Windows\SysWOW64\hzooveshuhi => moved successfully
C:\Windows\SysWOW64\hznd => moved successfully
C:\Windows\SysWOW64\hxpuo.dat => moved successfully
C:\Windows\SysWOW64\hxokmtz.ini => moved successfully
C:\Windows\SysWOW64\hwsfdvw => moved successfully
C:\Windows\SysWOW64\hvbzrysf => moved successfully
C:\Windows\SysWOW64\hulemjbpzih.dat => moved successfully
C:\Windows\SysWOW64\huiqk => moved successfully
C:\Windows\SysWOW64\htzs.dat => moved successfully
C:\Windows\SysWOW64\htubwk.ini => moved successfully
C:\Windows\SysWOW64\htmhmor => moved successfully
C:\Windows\SysWOW64\hsxps => moved successfully
C:\Windows\SysWOW64\hrqwp => moved successfully
C:\Windows\SysWOW64\hrfumedgw.ini => moved successfully
C:\Windows\SysWOW64\hqwxnfwmq.ini => moved successfully
C:\Windows\SysWOW64\hqofa => moved successfully
C:\Windows\SysWOW64\hoboh.dat => moved successfully
C:\Windows\SysWOW64\hmzimwaq.dat => moved successfully
C:\Windows\SysWOW64\hiushfclfla.ini => moved successfully
C:\Windows\SysWOW64\higwf => moved successfully
C:\Windows\SysWOW64\hhxjfatux.dat => moved successfully
C:\Windows\SysWOW64\hgu.ini => moved successfully
C:\Windows\SysWOW64\hgdxppghmnp.dat => moved successfully
C:\Windows\SysWOW64\hfbtzuzg => moved successfully
C:\Windows\SysWOW64\hfaptb.dat => moved successfully
C:\Windows\SysWOW64\hbqnkzjqm.dat => moved successfully
C:\Windows\SysWOW64\hbduxvmv => moved successfully
C:\Windows\SysWOW64\gzswrdxw.ini => moved successfully
C:\Windows\SysWOW64\gxveh.dat => moved successfully
C:\Windows\SysWOW64\gxiglgpq.ini => moved successfully
C:\Windows\SysWOW64\gwyphivwam => moved successfully
C:\Windows\SysWOW64\gwegf.dat => moved successfully
C:\Windows\SysWOW64\gwcogj => moved successfully
C:\Windows\SysWOW64\gvsgjc => moved successfully
C:\Windows\SysWOW64\gtkrjpla => moved successfully
C:\Windows\SysWOW64\gsztiwpu => moved successfully
C:\Windows\SysWOW64\gswxesatox.ini => moved successfully
C:\Windows\SysWOW64\gswssvrjl => moved successfully
C:\Windows\SysWOW64\gqr => moved successfully
C:\Windows\SysWOW64\gksspjwk.dat => moved successfully
C:\Windows\SysWOW64\gjrxn.dat => moved successfully
C:\Windows\SysWOW64\gityrsbrb => moved successfully
C:\Windows\SysWOW64\giemuzl.ini => moved successfully
C:\Windows\SysWOW64\ghgeryzg => moved successfully
C:\Windows\SysWOW64\ghdvcccqxcv.ini => moved successfully
C:\Windows\SysWOW64\ggjxmqh.ini => moved successfully
C:\Windows\SysWOW64\gfgr => moved successfully
C:\Windows\SysWOW64\gecrm.ini => moved successfully
C:\Windows\SysWOW64\gdsbvd => moved successfully
C:\Windows\SysWOW64\gck => moved successfully
C:\Windows\SysWOW64\gcgii.ini => moved successfully
C:\Windows\SysWOW64\gbx.ini => moved successfully
C:\Windows\SysWOW64\gazeenlg => moved successfully
C:\Windows\SysWOW64\ganwg => moved successfully
C:\Windows\SysWOW64\fzzu.dat => moved successfully
C:\Windows\SysWOW64\fyvyvw.ini => moved successfully
C:\Windows\SysWOW64\fxwpiwys => moved successfully
C:\Windows\SysWOW64\fxhn => moved successfully
C:\Windows\SysWOW64\fsopbrrnag => moved successfully
C:\Windows\SysWOW64\fsjfcnvfjr => moved successfully
C:\Windows\SysWOW64\frznpwqgbxt => moved successfully
C:\Windows\SysWOW64\fqat.dat => moved successfully
C:\Windows\SysWOW64\fonbotjzdzr => moved successfully
C:\Windows\SysWOW64\fnyj.ini => moved successfully
C:\Windows\SysWOW64\fnxe.dat => moved successfully
C:\Windows\SysWOW64\fnwncbqssp.xml => moved successfully
C:\Windows\SysWOW64\fmlgoxxnn.ini => moved successfully
C:\Windows\SysWOW64\fkuuzbgv.dat => moved successfully
C:\Windows\SysWOW64\fjpkjgod => moved successfully
C:\Windows\SysWOW64\fhsongrcc => moved successfully
C:\Windows\SysWOW64\fhg => moved successfully
C:\Windows\SysWOW64\fhagevihj.dat => moved successfully
C:\Windows\SysWOW64\fcibhhrxsu => moved successfully
C:\Windows\SysWOW64\ezafudvoiyt.ini => moved successfully
C:\Windows\SysWOW64\evpk => moved successfully
C:\Windows\SysWOW64\eswjlbv => moved successfully
C:\Windows\SysWOW64\erauoi => moved successfully
C:\Windows\SysWOW64\eqartqwjeg => moved successfully
C:\Windows\SysWOW64\epvvbcvej => moved successfully
C:\Windows\SysWOW64\epuzw.ini => moved successfully
C:\Windows\SysWOW64\eng => moved successfully
C:\Windows\SysWOW64\eiwxqfsa => moved successfully
C:\Windows\SysWOW64\ehe.dat => moved successfully
C:\Windows\SysWOW64\egskehx.ini => moved successfully
C:\Windows\SysWOW64\egeegu => moved successfully
C:\Windows\SysWOW64\efwxeovrva => moved successfully
C:\Windows\SysWOW64\eesejbzog.ini => moved successfully
C:\Windows\SysWOW64\eebifxejokv => moved successfully
C:\Windows\SysWOW64\edsljcdivuy.ini => moved successfully
C:\Windows\SysWOW64\edovnmlhmu.xml => moved successfully
C:\Windows\SysWOW64\ecqooiby => moved successfully
C:\Windows\SysWOW64\ebwmf => moved successfully
C:\Windows\SysWOW64\ebeblkboibi => moved successfully
C:\Windows\SysWOW64\eafryqglx => moved successfully
C:\Windows\SysWOW64\dzna => moved successfully
C:\Windows\SysWOW64\dxrnzku.ini => moved successfully
C:\Windows\SysWOW64\dtxfol => moved successfully
C:\Windows\SysWOW64\dqeavzgp.xml => moved successfully
C:\Windows\SysWOW64\dqajfj.ini => moved successfully
C:\Windows\SysWOW64\dpfrqyaznoo => moved successfully
C:\Windows\SysWOW64\dows => moved successfully
C:\Windows\SysWOW64\dogequdlcho => moved successfully
C:\Windows\SysWOW64\dmuuqmc.ini => moved successfully
C:\Windows\SysWOW64\dmtlsnues.dat => moved successfully
C:\Windows\SysWOW64\dkfd.ini => moved successfully
C:\Windows\SysWOW64\djzobvavx.ini => moved successfully
C:\Windows\SysWOW64\dizbniz.xml => moved successfully
C:\Windows\SysWOW64\dgppwo.dat => moved successfully
C:\Windows\SysWOW64\dgckkqqq.ini => moved successfully
C:\Windows\SysWOW64\dfswulgomz.ini => moved successfully
C:\Windows\SysWOW64\dfol.ini => moved successfully
C:\Windows\SysWOW64\dfdenbmhi => moved successfully
C:\Windows\SysWOW64\detwvkklv.ini => moved successfully
C:\Windows\SysWOW64\defhdp.ini => moved successfully
C:\Windows\SysWOW64\dbsbm => moved successfully
C:\Windows\SysWOW64\daltzc => moved successfully
C:\Windows\SysWOW64\daflhn => moved successfully
C:\Windows\SysWOW64\cxoab => moved successfully
C:\Windows\SysWOW64\cwr => moved successfully
C:\Windows\SysWOW64\ctxnogspj.ini => moved successfully
C:\Windows\SysWOW64\ctsn => moved successfully
C:\Windows\SysWOW64\cqbt.ini => moved successfully
C:\Windows\SysWOW64\cprceg => moved successfully
C:\Windows\SysWOW64\cntaml.ini => moved successfully
C:\Windows\SysWOW64\cjsvjsn => moved successfully
C:\Windows\SysWOW64\cixpn => moved successfully
C:\Windows\SysWOW64\civwzqm.ini => moved successfully
C:\Windows\SysWOW64\cheng.ini => moved successfully
C:\Windows\SysWOW64\cguaohd => moved successfully
C:\Windows\SysWOW64\cfclssx.ini => moved successfully
C:\Windows\SysWOW64\cdntf.dat => moved successfully
C:\Windows\SysWOW64\cbqynozbpo.ini => moved successfully
C:\Windows\SysWOW64\cbgvboorrjj.dat => moved successfully
C:\Windows\SysWOW64\cakqt => moved successfully
C:\Windows\SysWOW64\bzyz.dat => moved successfully
C:\Windows\SysWOW64\bzkhikmncyf => moved successfully
C:\Windows\SysWOW64\byoqvakieh.ini => moved successfully
C:\Windows\SysWOW64\bycuny => moved successfully
C:\Windows\SysWOW64\bxqecmpfn.ini => moved successfully
C:\Windows\SysWOW64\bulcyfilrrd.dat => moved successfully
C:\Windows\SysWOW64\bsxkwl.dat => moved successfully
C:\Windows\SysWOW64\bsmobir.dat => moved successfully
C:\Windows\SysWOW64\bpajjydv => moved successfully
C:\Windows\SysWOW64\bmpedqmgmxo => moved successfully
C:\Windows\SysWOW64\blxcchdo.dat => moved successfully
C:\Windows\SysWOW64\bloulzqvnrd => moved successfully
C:\Windows\SysWOW64\bfsdlrscmiv => moved successfully
C:\Windows\SysWOW64\betjex.ini => moved successfully
C:\Windows\SysWOW64\bacdzugy => moved successfully
C:\Windows\SysWOW64\azuxhafgo.ini => moved successfully
C:\Windows\SysWOW64\azepwokxctz => moved successfully
C:\Windows\SysWOW64\ayyyufnvi.ini => moved successfully
C:\Windows\SysWOW64\axxvniyw => moved successfully
C:\Windows\SysWOW64\auqopa => moved successfully
C:\Windows\SysWOW64\auemdu.ini => moved successfully
C:\Windows\SysWOW64\aso.dat => moved successfully
C:\Windows\SysWOW64\arsimaqa => moved successfully
C:\Windows\SysWOW64\arembuqqlhl.ini => moved successfully
C:\Windows\SysWOW64\aqluxxpvzxz => moved successfully
C:\Windows\SysWOW64\apluecjxljh.ini => moved successfully
C:\Windows\SysWOW64\aotnjwxb.xml => moved successfully
C:\Windows\SysWOW64\alswcpnkwg => moved successfully
C:\Windows\SysWOW64\alpzadzk => moved successfully
C:\Windows\SysWOW64\akophcvl => moved successfully
C:\Windows\SysWOW64\akjgqsepny.ini => moved successfully
C:\Windows\SysWOW64\ajnzyssdz.dat => moved successfully
C:\Windows\SysWOW64\ajfm.ini => moved successfully
C:\Windows\SysWOW64\aihwg => moved successfully
C:\Windows\SysWOW64\ahlkupje => moved successfully
C:\Windows\SysWOW64\agd => moved successfully
C:\Windows\SysWOW64\afocvlmwd => moved successfully
C:\Windows\SysWOW64\aesvs.dat => moved successfully
C:\Windows\SysWOW64\adpgegoatcl => moved successfully
C:\Windows\SysWOW64\aclcvmx.ini => moved successfully
C:\Windows\SysWOW64\abqj => moved successfully
C:\Windows\SysWOW64\aaydghedumh => moved successfully
C:\Windows\rnni.ini => moved successfully
C:\Windows\refyhravcw.dat => moved successfully
C:\Windows\qgqkumwr.ini => moved successfully
C:\Windows\pxluctu.dat => moved successfully
C:\Windows\pnaphwmzlgp => moved successfully
C:\Windows\oaap => moved successfully
C:\Windows\nhs => moved successfully
C:\Windows\lzuovdq => moved successfully
C:\Windows\lyi => moved successfully
C:\Windows\lqrbl => moved successfully
C:\Windows\kragnbr.dat => moved successfully
C:\Windows\jnpltjziixr => moved successfully
C:\Windows\iurduaasebj => moved successfully
C:\Windows\hihw => moved successfully
C:\Windows\grgqrvb => moved successfully
C:\Windows\fas.ini => moved successfully
C:\Windows\err.ini => moved successfully
C:\Windows\ejxebk => moved successfully
C:\Windows\eewo.ini => moved successfully
C:\Windows\ecisfvuhpa.ini => moved successfully
C:\Windows\dwbwxg => moved successfully
C:\Windows\dehidfjtpt => moved successfully
C:\Windows\cpznhdhikek => moved successfully
C:\Windows\baxqskha.dat => moved successfully
C:\Users\USER\AppData\Local\Temp\GURB97C.exe => moved successfully
C:\Users\USER\AppData\Local\Temp\KMP_4.0.3.1.exe => moved successfully
C:\Users\USER\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\USER\AppData\Local\Temp\{B4187E8C-C594-4F26-805E-A4AE556DD017}.exe => moved successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{9857E89F-00FC-4CD9-A135-FB15C53E3DA6} canceled.
{A89A5B59-21F8-47CE-B0BD-CDB08153BC0A} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 10:29:41 ====

 

 

 

 

for the adware removal, there was no S0 log only c1 c2 s1 and s2. I'm going to paste the ones that were created today ie 16th Jan

 

S2

 

# AdwCleaner v5.029 - Logfile created 16/01/2016 at 10:36:51
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : USER - HP
# Running from : C:\Users\USER\Downloads\Programs\adwcleaner_5.029.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [570 bytes] ##########
 

 

 

C2

 

 

# AdwCleaner v5.029 - Logfile created 16/01/2016 at 10:40:26
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : USER - HP
# Running from : C:\Users\USER\Downloads\Programs\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [662 bytes] ##########
 

 

 

 

 

JRT LOG

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64
Ran by USER (Administrator) on Sat 01/16/2016 at 10:50:33.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/16/2016 at 10:57:55.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

thank you


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Hello,

Two things to do, reset Firefox and run Malwarebytes.

How to reset Firefox;
  • Click the menu button and then click help .
  • From the Help menu choose Troubleshooting Information. ...
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.

    Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

    Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#7
Vinod Antony

Vinod Antony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

There was no Reset firefox instead there was refresh, so I chose that instead.

 

Malwarebytes did not detect anything.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/17/2016
Scan Time: 8:07 PM
Logfile: mal.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.17.02
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: USER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330474
Time Elapsed: 17 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Attached Thumbnails

  • Capture.JPG

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Tell me how is the computer and or Firefox ?

Then
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#9
Vinod Antony

Vinod Antony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

The problem has not yet been resolved :/

Im getting a "wonderlandads" redirect. As I mentioned earlier, it only occurs for websites other than the https sites and occurs when I click on a link. It opens up in a new window ..

 

 

 

here are the logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by USER (administrator) on HP (19-01-2016 11:33:48)
Running from C:\Users\USER\Downloads\Programs
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Windows\KMS\KMS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\My WIFI Router\bmser.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(WordWeb Software) F:\WordWeb\wweb32.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8458968 2015-03-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-03-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [99064 2015-12-07] (Panda Security, S.L.)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-05-03] (Tonec Inc.)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [GarenaPlus] => "F:\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [WordWeb] => F:\WordWeb\wweb32.exe [80000 2015-08-02] (WordWeb Software)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [Google Update] => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-15] (Google Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Tcpip\Parameters: [DhcpNameServer] 46.101.178.39 8.8.8.8
Tcpip\..\Interfaces\{AE90576C-1979-43C9-8D26-79196EFB8156}: [DhcpNameServer] 46.101.178.39 8.8.8.8
Tcpip\..\Interfaces\{CD917F21-16FC-4567-8EFF-43E5D9B488A6}: [DhcpNameServer] 172.16.224.2 218.248.233.3

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\76ggilh7.default-1453040933184
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-10-01] ( Garena)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-921485403-2575864937-4210904776-1001: @tools.google.com/Google Update;version=3 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-921485403-2575864937-4210904776-1001: @tools.google.com/Google Update;version=9 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5 [2016-01-19] [not signed]
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Firefox\Extensions: [[email protected]] - F:\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - F:\WordWeb\WCaptureMoz [2015-10-21] [not signed]
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-12-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-09-17] (Intel Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-12-07] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [72952 2015-11-30] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-12-07] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-03-06] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WIFIGXENDHCPSER; C:\Program Files (x86)\My WIFI Router\bmser.exe [1656416 2014-04-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-12-24] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-12-24] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-23] ()
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-12-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [78584 2015-12-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-12-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-12-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-11-22] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120056 2015-11-29] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-11-22] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-12-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [136952 2015-12-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-11-29] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3568856 2014-09-24] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-03-03] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-04] (Basil Projects)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-06] (Hewlett-Packard Development Company, L.P.)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\USER\AppData\Local\Temp\gkernel.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 19:03 - 2016-01-18 19:03 - 00001062 _____ C:\Users\USER\Desktop\WhatsApp.lnk
2016-01-17 21:50 - 2016-01-17 21:50 - 00001836 _____ C:\Users\Public\Desktop\Apps.lnk
2016-01-17 21:50 - 2016-01-17 21:50 - 00001779 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2016-01-17 21:49 - 2016-01-17 22:02 - 00000000 ____D C:\ProgramData\BlueStacks
2016-01-17 21:49 - 2016-01-17 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2016-01-17 21:49 - 2016-01-17 21:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-01-17 21:48 - 2016-01-17 21:48 - 00000000 ____D C:\Users\USER\AppData\Local\Bluestacks
2016-01-17 19:58 - 2016-01-17 19:58 - 00000000 ____D C:\Users\USER\Desktop\Old Firefox Data
2016-01-17 19:37 - 2015-05-22 14:15 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-01-16 10:57 - 2016-01-18 03:26 - 00000917 _____ C:\Users\USER\Desktop\JRT.txt
2016-01-16 10:26 - 2016-01-16 10:26 - 00060394 _____ C:\Users\USER\Downloads\FIXLIST.txt
2016-01-14 20:35 - 2016-01-19 11:33 - 00000000 ____D C:\FRST
2016-01-12 20:25 - 2016-01-12 20:26 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\Users\USER\AppData\Roaming\Panda Security
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-12 20:05 - 2016-01-12 20:25 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-10 11:30 - 2016-01-16 10:40 - 00000000 ____D C:\AdwCleaner
2016-01-05 12:37 - 2016-01-05 12:43 - 00000000 ____D C:\Users\USER\Desktop\SEMINAR REPORT FORMAT
2016-01-03 11:45 - 2016-01-03 11:45 - 00000000 ____D C:\Users\USER\AppData\Roaming\aipai
2016-01-03 11:44 - 2016-01-03 11:44 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPixel
2016-01-03 11:44 - 2016-01-03 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPixel
2015-12-31 20:55 - 2016-01-07 09:37 - 00000000 ____D C:\Users\USER\Desktop\seminar mine
2015-12-31 20:36 - 2016-01-06 22:18 - 00000000 ____D C:\Users\USER\Desktop\SEMINAR eg
2015-12-27 18:35 - 2015-12-27 18:35 - 00000000 ____D C:\Users\USER\Documents\VideoPad Projects
2015-12-27 18:31 - 2015-12-27 18:31 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-12-23 23:32 - 2016-01-08 08:48 - 00000000 ____D C:\Users\USER\Desktop\New folder
2015-12-23 22:50 - 2015-12-23 22:50 - 00000000 _____ C:\autoexec.bat
2015-12-23 22:37 - 2015-12-23 22:37 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-22 22:33 - 2015-12-22 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-12-20 00:52 - 2015-12-20 00:52 - 00000000 ____D C:\Program Files (x86)\Garena Total

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-19 11:32 - 2015-09-22 10:02 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{13577F26-D72F-4587-B470-A1DBBBD660BB}
2016-01-19 11:08 - 2015-11-15 13:27 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA.job
2016-01-19 09:07 - 2015-11-15 13:27 - 00000858 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core.job
2016-01-19 08:59 - 2015-09-19 19:43 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-921485403-2575864937-4210904776-1001
2016-01-19 08:40 - 2015-11-25 23:25 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-01-19 08:39 - 2015-10-21 12:00 - 00001110 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-01-19 08:39 - 2015-09-19 23:12 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-19 08:39 - 2015-09-19 20:15 - 00000000 __SHD C:\Users\USER\IntelGraphicsProfiles
2016-01-19 08:39 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 03:26 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\AppData\Roaming\DMCache
2016-01-17 21:50 - 2013-08-22 21:06 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-17 21:48 - 2015-11-30 01:38 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-01-17 20:07 - 2015-10-04 11:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-16 21:46 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\Downloads\Compressed
2016-01-16 10:28 - 2013-08-22 19:06 - 00000000 ____D C:\Windows
2016-01-16 10:21 - 2015-10-09 20:49 - 00000000 ____D C:\Users\USER\AppData\Roaming\AVG
2016-01-16 10:21 - 2015-10-09 20:32 - 00000000 ____D C:\ProgramData\Avg
2016-01-16 10:21 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-01-13 17:29 - 2013-08-22 20:14 - 00527496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-12 20:26 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2016-01-12 02:59 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-01-07 16:06 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\Downloads\Video
2016-01-05 22:06 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
2016-01-05 19:28 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\rescache
2016-01-03 11:42 - 2015-09-19 20:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-03 11:42 - 2013-08-22 20:50 - 00000000 ____D C:\Windows\CbsTemp
2015-12-27 10:13 - 2015-11-25 19:23 - 00007600 _____ C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-12-22 22:33 - 2015-09-24 09:02 - 00000000 ____D C:\Users\USER\AppData\Local\Google
2015-12-22 22:27 - 2014-01-15 18:27 - 00000000 ____D C:\Windows\KMS
2015-12-20 11:06 - 2015-10-21 13:06 - 00000000 ____D C:\Users\USER\Downloads\wallpaper
2015-12-20 00:49 - 2015-10-11 00:33 - 00000000 ____D C:\Users\USER\AppData\Roaming\GarenaPlus
2015-12-20 00:49 - 2015-10-11 00:32 - 00000000 ____D C:\ProgramData\GarenaMessenger

==================== Files in the root of some directories =======

2015-11-19 08:50 - 2015-11-19 09:06 - 0000115 _____ () C:\Users\USER\AppData\Roaming\LogFile.txt
2015-10-11 01:38 - 2015-11-20 18:35 - 0045270 _____ () C:\Users\USER\AppData\Roaming\room_v3.dat
2015-09-30 12:33 - 2015-09-30 12:33 - 0003584 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-25 19:23 - 2015-12-27 10:13 - 0007600 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-09-24 09:07 - 2015-09-24 09:07 - 0000000 _____ () C:\Users\USER\AppData\Local\{B607AE99-9100-406D-A74F-02025B4F0770}

Some files in TEMP:
====================
C:\Users\USER\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-12 21:57

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by USER (2016-01-19 11:34:46)
Running from C:\Users\USER\Downloads\Programs
Windows 8.1 Pro (X64) (2015-09-19 14:06:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-921485403-2575864937-4210904776-500 - Administrator - Disabled)
Guest (S-1-5-21-921485403-2575864937-4210904776-501 - Limited - Disabled)
USER (S-1-5-21-921485403-2575864937-4210904776-1001 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Out of date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Out of date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall (Enabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AVG Zen (Version: 1.21.6 - AVG Technologies) Hidden
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.170 - Broadcom Corporation)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Google Chrome (HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Google Chrome) (Version: 18.0.1025.168 - Google Inc.)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4281 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
Panda Devices Agent (x32 Version: 1.03.06 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 8.20.00.0000 - Panda Security) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Proxifier version 3.28 (HKLM-x32\...\Proxifier_is1) (Version: 3.28 - Initex)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30182 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.39.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7455 - Realtek Semiconductor Corp.)
SmartPixel (HKLM-x32\...\SmartPixel) (Version: 3.2.0.0 - Beyond Magic Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.55 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.22 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Device Recovery Tool 3.1.4 (HKLM-x32\...\{d4849306-53e9-465f-8a2d-a68c8fcfe4dd}) (Version: 3.1.4 - Microsoft)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.9.511 - Initex & AAA Internet Publishing)
Your Freedom 20151111-01 (HKLM-x32\...\Your_Deploy_0) (Version:  - resolution GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DF9AB9D-8BC1-4269-9873-2D300A79F272} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-11-11] ()
Task: {72B0950E-A263-41AB-A4EB-53748857F4F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {7E491859-3AE3-46DE-88BF-6A591916427A} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-24] (Adobe Systems Incorporated)
Task: {B472D1A9-EEBD-40E1-9AD2-E055C00DE325} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B71AD709-6B25-4A26-B6C7-77993931F1B5} - System32\Tasks\{FAD0EC96-51A4-4001-81B1-951269B934AF} => pcalua.exe -a C:\Users\USER\Downloads\Programs\win64_154012.exe -d C:\Users\USER\AppData\Roaming\IDM
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C887F459-C2C4-4710-93CB-FFA3D2F0CF21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {CFB55E4D-B926-4456-BB57-7E4AFF6FC476} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F679A661-D75B-4DCF-9B41-FB97D7FD900E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-02 09:32 - 2015-03-28 15:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
2015-09-19 19:36 - 2014-01-04 17:22 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2015-09-19 19:36 - 2013-12-04 01:31 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2015-10-09 18:52 - 2015-11-11 13:29 - 00168384 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-04-23 08:28 - 2014-04-23 08:28 - 01656416 _____ () C:\Program Files (x86)\My WIFI Router\bmser.exe
2015-12-15 22:47 - 2015-12-15 22:47 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-10-09 18:53 - 2015-11-11 13:29 - 02519488 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2015-12-02 08:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-02 08:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-02 08:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-02 08:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-02 08:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-23 08:28 - 2014-04-23 08:28 - 00193392 _____ () C:\Program Files (x86)\My WIFI Router\bmupdex.dll
2015-12-16 22:01 - 2015-11-11 01:25 - 00778752 _____ () E:\Steam\SDL2.dll
2015-10-21 16:43 - 2015-07-03 21:42 - 04962816 _____ () E:\Steam\v8.dll
2015-12-16 22:01 - 2015-12-15 01:31 - 02547280 _____ () E:\Steam\video.dll
2015-10-21 16:43 - 2015-07-03 21:42 - 01556992 _____ () E:\Steam\icui18n.dll
2015-10-21 16:43 - 2015-07-03 21:42 - 01187840 _____ () E:\Steam\icuuc.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-12-16 22:01 - 2015-12-15 01:31 - 00804432 _____ () E:\Steam\bin\chromehtml.DLL
2015-11-17 21:25 - 2015-11-04 03:30 - 00201728 _____ () E:\Steam\bin\openvr_api.dll
2015-12-16 22:01 - 2015-11-17 06:01 - 47846176 _____ () E:\Steam\bin\libcef.dll
2015-10-21 16:43 - 2015-09-25 05:26 - 00119208 _____ () E:\Steam\winh264.dll
2015-10-08 17:49 - 2016-01-17 21:50 - 00195584 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll
2015-10-08 17:49 - 2016-01-17 21:50 - 01467392 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2016-01-16 10:28 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-921485403-2575864937-4210904776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\Downloads\wallpaper\space_pilot-1366x768.jpg
DNS Servers: 46.101.178.39 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\StartupApproved\StartupFolder: => "r.lnk"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\StartupApproved\Run: => "GarenaPlus"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F4B3501D-6EFA-452B-B6A5-3961975DA0A6}] => (Allow) C:\Windows\KMS\KMS.exe
FirewallRules: [{E4B7321F-F3D6-4B57-A493-69CDAE030B71}] => (Allow) C:\Windows\KMS\KMS.exe
FirewallRules: [{1F6A0F79-C60B-42D6-A098-7E5D223990D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF600147-70E8-4B9E-A63D-549DD5747FB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73E80287-B682-4B54-BB5D-4726CF5C6A1D}] => (Allow) F:\Garena Plus\ggdllhost.exe
FirewallRules: [{4BB5B31E-C267-4BAA-B95C-6A06E0F7B485}] => (Allow) F:\Garena Plus\Room\garena_room.exe
FirewallRules: [{58EBDC79-F3A9-47DA-B122-C661E93CE1A2}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{0E89BE7C-349B-4824-AA19-B1EED3C552BA}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{4BA84F61-712F-42C4-AC49-A560238A71B8}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{35AFB527-11D4-4173-B6B7-EAC8E9586D82}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{1DD8A6D1-10B4-468E-A730-A54E0A9DB45F}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{62EAF6AC-0AE1-4D06-B0EA-989B6E141BD2}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{5ADEE819-265A-4480-8ED8-1F9CE99019DF}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{6D10EF45-6934-4606-AB61-BDF70A59AFAE}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{C38DA49F-658E-438C-A98A-C57D738A2A8C}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D04BBC07-371D-4A6B-A2DB-A3FBC167E938}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{2B9B307F-F016-4624-B2C1-8B23DEDD8389}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{C9B7C9B9-7347-4D8E-8FAB-55EDA911547F}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{CCF9E7B7-9A49-4B8F-A64D-FFE68D451D1B}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{515A7A20-4634-4696-A309-F9697169A1F9}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{7B7DB94E-0C80-402A-985B-79DCD9A57138}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{DDA76CC5-81E0-42A7-9538-0A7BD58EEE13}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [TCP Query User{1535DD3E-198F-4C10-8088-1F3D03C9B6B6}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{005B92E1-C367-4731-992C-3117488257D9}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{68C18CC4-E3A7-4ED9-B8FF-B4DBF5FAF0C9}] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{9F80C398-DBEF-4DE3-B07F-C7BC1451E58C}] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{6E518937-B5BB-4DE4-861D-536F8B81A635}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F62FFD9D-8AB3-4408-9A40-5B5BA0457CCC}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B0D30BD-3989-4A65-8794-C373CB9CD2C2}] => (Allow) F:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{2AF723CB-6B80-457B-9071-B828EB66AC5E}] => (Allow) F:\FormatFactory\FormatFactory.exe
FirewallRules: [{BDDA8327-CB5E-4B21-BCD4-7D639DA8D99A}] => (Allow) F:\FormatFactory\FormatFactory.exe
FirewallRules: [{8D584E34-169D-475E-8945-27CCF24D6722}] => (Allow) F:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{FCAD242B-14B1-4500-B14A-87452F91FBC2}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{0A6836F2-29D4-4D5C-BB03-1FA2D7A4D0E5}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [TCP Query User{22E78331-A400-4510-8041-FCF8D53A7762}F:\warcraft iii frozen throne esk\war3.exe] => (Allow) F:\warcraft iii frozen throne esk\war3.exe
FirewallRules: [UDP Query User{577F7BE6-3F42-4CE5-A525-4DB8FAF56E47}F:\warcraft iii frozen throne esk\war3.exe] => (Allow) F:\warcraft iii frozen throne esk\war3.exe
FirewallRules: [{ADDF4EE8-E983-47BF-88AF-79BDF376BAAE}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{7B5E3993-FDF0-4683-AF8B-817F9DCD6C4B}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [TCP Query User{0B05774B-D732-4D98-A2D3-D04D0E195F58}F:\yf\freedom.exe] => (Block) F:\yf\freedom.exe
FirewallRules: [UDP Query User{B260784D-F4C3-4EE0-A687-76BAF63FCC4B}F:\yf\freedom.exe] => (Block) F:\yf\freedom.exe
FirewallRules: [TCP Query User{82562156-6C57-4E24-98B9-8D6B604F49CC}F:\smartpixel\bin\smartpixel.exe] => (Allow) F:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{49ED8963-A542-44A4-9E6E-D0BEF0FC7AB2}F:\smartpixel\bin\smartpixel.exe] => (Allow) F:\smartpixel\bin\smartpixel.exe
FirewallRules: [{D66A53E2-78FC-47AE-802E-853DDB1C0528}] => (Allow) %systemroot%\system32\alg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

25-12-2015 21:58:03 JRT Pre-Junkware Removal
03-01-2016 05:31:28 Scheduled Checkpoint
10-01-2016 19:51:07 Scheduled Checkpoint
13-01-2016 20:12:33 Removed BlueStacks App Player
16-01-2016 10:27:37 Restore Point Created by FRST
16-01-2016 10:42:47 JRT Pre-Junkware Removal
16-01-2016 10:50:33 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2016 09:47:51 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 09:47:51 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 09:47:29 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 09:47:29 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 09:46:13 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 09:46:13 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 08:59:31 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (4800) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 08:59:31 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (4800) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 08:43:20 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (2412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.

Error: (01/19/2016 08:43:20 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (2412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.


System errors:
=============
Error: (01/19/2016 08:39:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/18/2016 09:40:14 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/17/2016 09:02:09 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/17/2016 09:01:39 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/17/2016 07:37:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/17/2016 10:08:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/16/2016 10:27:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/16/2016 01:32:21 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/16/2016 10:41:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/16/2016 10:40:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 4016.67 MB
Available physical RAM: 2246.17 MB
Total Virtual: 5198.38 MB
Available Virtual: 2659.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.31 GB) (Free:65.75 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:416.93 GB) (Free:392.23 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:416.93 GB) (Free:407.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0458014D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=416.9 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Hello,

Download the enclosed file.=>Attached File  fixlist.txt   1.33KB   121 downloads Save it in the location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST64 is, (Fixlog.txt). Please post it to your reply.

If the fix does not work, we will or should reinstall Firefox completely, that means saving your bookmarks. It's possible your Firefox profile is corrupted.

Thanks
Joe

Let me know if it works
  • 0

Advertisements


#11
Vinod Antony

Vinod Antony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Another redirect occurred when I tried to sign in to this website.

 

I'll try installing firefox again

 

here is the fix log

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by USER (2016-01-20 22:53:17) Run:2
Running from C:\Users\USER\Downloads\Programs
Loaded Profiles: USER (Available Profiles: USER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
2016-01-16 10:21 - 2015-10-09 20:49 - 00000000 ____D C:\Users\USER\AppData\Roaming\AVG
2016-01-16 10:21 - 2015-10-09 20:32 - 00000000 ____D C:\ProgramData\Avg
C:\Users\USER\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll
AVG Zen (Version: 1.21.6 - AVG Technologies) Hidden
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\USER\AppData\Local\Temp\gkernel.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
2016-01-16 10:26 - 2016-01-16 10:26 - 00060394 _____ C:\Users\USER\Downloads\FIXLIST.txt
2015-09-30 12:33 - 2015-09-30 12:33 - 0003584 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-24 09:07 - 2015-09-24 09:07 - 0000000 _____ () C:\Users\USER\AppData\Local\{B607AE99-9100-406D-A74F-02025B4F0770}
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\USER\AppData\Roaming\AVG => moved successfully
C:\ProgramData\Avg => moved successfully
C:\Users\USER\AppData\Local\Temp\KMP_4.0.3.1.exe => moved successfully
C:\Users\USER\AppData\Local\Temp\sqlite3.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FE2CE35-E1B4-47B7-BEFA-6DEE6488CDF8}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE787B85-D93D-48FC-A974-0A70CACBAC35}\\SystemComponent => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value removed successfully
ew_hwusbdev => service removed successfully
ew_usbenumfilter => service removed successfully
GGSAFERDriver => service removed successfully
gkernel => Unable to stop service.
gkernel => service removed successfully
huawei_enumerator => service removed successfully
hwdatacard => service removed successfully
C:\Users\USER\Downloads\FIXLIST.txt => moved successfully
C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\USER\AppData\Local\{B607AE99-9100-406D-A74F-02025B4F0770} => moved successfully

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state Off =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 233.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:54:26 ====


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Please do a clean install of firefox make sure you do below.

Remove my Firefox personal data and customizations"

As shown here http://kb.mozillazin...talling_Firefox
  • 0

#13
Vinod Antony

Vinod Antony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

hello

 

I installed the latest version of firefox and the problem has not occurred ever since. I went to the websites which would normally cause this problem and checked. I believe it's fixed!!!

 

 

 

Thank you for all the time and effort :D  I've fixed so many computer problems with help from all the folks at geekstogo. Thank you!!!


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
You're welcome,

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

To remove tools
Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#15
Vinod Antony

Vinod Antony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

# DelFix v1.011 - Logfile created 23/01/2016 at 15:13:12
# Updated 18/08/2015 by Xplode
# Username : USER - HP
# Operating System : Windows 8.1 Pro  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\USER\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #23 [Removed BlueStacks App Player | 01/13/2016 14:42:33]
Deleted : RP #25 [Restore Point Created by FRST | 01/16/2016 04:57:37]
Deleted : RP #26 [JRT Pre-Junkware Removal | 01/16/2016 05:12:47]
Deleted : RP #27 [JRT Pre-Junkware Removal | 01/16/2016 05:20:33]
Deleted : RP #29 [Restore Point Created by FRST | 01/20/2016 17:23:23]
Deleted : RP #30 [Removed FMW 1 | 01/21/2016 10:03:03]
Deleted : RP #31 [Removed Emergency Download Driver | 01/21/2016 10:03:46]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

 

if there anything else feel free to ask :P


  • 0






Similar Topics


Also tagged with one or more of these keywords: adware, malware, redirect, browser

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP