
PC cpu usage 100% and some errors .exe


  • This topic is locked
28 replies to this topic

#1 DPRK

Posted 10 January 2017 - 01:06 AM

It's my first time here, sorry if there's something wrong somewhere.

I'm using Windows 7.

My PC has 100% CPU usage even when not opening many programs,

and my games or other app .exe files, a few hours after being installed, always get corrupted / can't open.

Can't open Task Manager + regedit.

After changing the value in regedit to 0, it always goes back to 1 after a few seconds.

This problem has been going on for almost 1 year, maybe.

I just reinstalled Windows 1-2 weeks ago (reinstalled Windows a few times).

It works fine, can open Task Manager and regedit.

After a few hours, can't open Task Manager and regedit.

CPU usage is high too.


Edited by DPRK, 10 January 2017 - 01:06 AM.




#2 Starbuck

  • Malware Response Team

Posted 12 January 2017 - 02:26 PM

Hi DPRK and welcome to BC

Let's have a look and see if anything's amiss.

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
Both reports from FRST


Thanks.



#3 DPRK


Posted 17 January 2017 - 05:41 AM


 
Sorry for the late reply :)
Here are the reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2017
Ran by user (administrator) on USER-PC (17-01-2017 17:39:03)
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Andromax M2Y\FI_Eject.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Mega Limited) C:\Users\user\AppData\Local\MEGAsync\MEGAsync.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ranked Gaming) D:\X\Ranked Gaming Client\rgc.exe
(MPC-HC Team) C:\Program Files\MPC-HC\mpc-hc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1736704 2017-01-15] (Smadsoft)
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4097136 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoUpdateCheck] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-01-12]
ShortcutTarget: MEGAsync.lnk -> C:\Users\user\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
AlternateShell:
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{72FCE971-51BA-4EEC-8EF7-1B349A4A1ED6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C5110869-A858-4687-937E-4403FD0084F2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F3768A2A-4153-4D43-85BE-7E3697C75A95}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3393853819-73074403-155253753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://123.itiankong.com/?2
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-23] (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-23] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3393853819-73074403-155253753-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: fmhs0bv9.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fmhs0bv9.default [2017-01-17]
FF Homepage: Mozilla\Firefox\Profiles\fmhs0bv9.default -> google.com
FF Extension: (anonymoX) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fmhs0bv9.default\Extensions\client@anonymox.net.xpi [2016-12-25]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-12-22] [not signed]
FF HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2017-01-17] [not signed]
FF HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-23] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-3393853819-73074403-155253753-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files\orgame\npxyzgl.dll [2012-06-13] (XYZ-SOFT Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CDROM_Eject_Smart; C:\Program Files\Andromax M2Y\FI_Eject.exe [2186240 2015-05-15] () [File not signed]
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3463120 2016-12-14] (Malwarebytes) [File not signed]
S3 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [143648 2006-10-27] (Microsoft Corporation) [File not signed]
S4 npggsvc; C:\Windows\system32\GameMon.des [8128688 2016-11-09] (INCA Internet Co., Ltd.)
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [518960 2006-10-26] (Microsoft Corporation) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [218912 2006-10-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-11] (Malwarebytes)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2017-01-11] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63264 2017-01-11] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2017-01-11] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2005-09-15] (Sonic Solutions) [File not signed]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 17:36 - 2017-01-17 17:39 - 00000000 ____D C:\FRST
2017-01-17 16:09 - 2017-01-17 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AikaOnline
2017-01-17 16:00 - 2017-01-17 16:00 - 00000000 ____D C:\T3fun
2017-01-16 09:43 - 2017-01-16 09:43 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sunyiru
2017-01-13 14:39 - 2014-05-14 23:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-13 14:39 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-13 14:39 - 2014-05-14 23:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-13 14:39 - 2014-05-14 23:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-13 14:39 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-13 14:39 - 2014-05-14 23:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-13 14:39 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-13 14:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-13 14:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-13 14:37 - 2017-01-17 17:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-13 14:37 - 2017-01-13 14:37 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-13 14:37 - 2017-01-13 14:37 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-13 14:35 - 2017-01-13 14:35 - 17137226 _____ C:\Users\user\Downloads\leave2gether-v12.swf
2017-01-12 14:33 - 2017-01-12 14:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2017-01-11 01:43 - 2017-01-17 17:24 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-01-11 01:29 - 2017-01-11 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-10 12:19 - 2017-01-11 15:55 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-10 12:18 - 2017-01-10 12:18 - 00002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 12:18 - 2017-01-10 12:18 - 00000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2017-01-10 12:18 - 2017-01-10 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 12:18 - 2017-01-10 12:18 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-10 12:18 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-10 12:09 - 2017-01-10 12:09 - 00000440 __RSH C:\Users\user\ntuser.pol
2017-01-10 12:01 - 2017-01-10 12:01 - 00002318 _____ C:\Users\Public\Desktop\Virus Effect Remover.lnk
2017-01-10 12:01 - 2017-01-10 12:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virus Secure Lab
2017-01-10 12:01 - 2017-01-10 12:01 - 00000000 ____D C:\Program Files\Virus Secure Lab
2017-01-09 16:03 - 2017-01-09 16:04 - 00001205 _____ C:\Users\user\Downloads\FixNCR.reg
2017-01-09 15:33 - 2017-01-09 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-08 16:11 - 2017-01-08 16:11 - 00000000 ____D C:\Users\user\AppData\Roaming\CWPatcher
2017-01-08 16:11 - 2017-01-08 16:11 - 00000000 ____D C:\Users\user\AppData\Roaming\CW
2017-01-08 16:10 - 2017-01-08 16:10 - 00001786 _____ C:\Users\Public\Desktop\Closers Online Website.lnk
2017-01-08 16:10 - 2017-01-08 16:10 - 00001706 _____ C:\Users\Public\Desktop\Closers Online.lnk
2017-01-08 16:05 - 2017-01-08 16:10 - 00000000 ____D C:\ProgramData\regid.2016-04.com.megaxus.closers
2017-01-08 16:05 - 2017-01-08 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megaxus
2017-01-08 16:05 - 2017-01-08 16:05 - 00000000 ____D C:\Megaxus
2017-01-08 01:40 - 2017-01-08 01:40 - 00001214 _____ C:\Users\user\Desktop\4K Video Downloader.lnk
2017-01-08 01:40 - 2017-01-08 01:40 - 00000000 ____D C:\Users\user\AppData\Local\4kdownload.com
2017-01-08 01:40 - 2017-01-08 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-01-08 01:40 - 2017-01-08 01:40 - 00000000 ____D C:\Program Files\4KDownload
2017-01-07 19:37 - 2017-01-07 19:37 - 00000000 ____D C:\Program Files\Andromax M2Y
2017-01-07 01:10 - 2011-06-26 13:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-07 01:10 - 2010-11-08 00:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-07 01:10 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-07 01:09 - 2017-01-09 16:19 - 00000000 ____D C:\Qoobox
2017-01-07 01:09 - 2017-01-09 16:00 - 00000000 ____D C:\Users\user\Desktop\mbar
2017-01-07 01:09 - 2017-01-07 01:43 - 00000000 ____D C:\Windows\erdnt
2017-01-07 01:06 - 2017-01-07 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-06 20:23 - 2016-08-24 13:30 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\ALRes409.dll
2017-01-06 19:11 - 2017-01-06 19:11 - 00001039 _____ C:\Users\user\Desktop\Cheat Engine.lnk
2017-01-06 19:11 - 2017-01-06 19:11 - 00000000 ____D C:\Users\user\Documents\My Cheat Tables
2017-01-06 19:11 - 2017-01-06 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-01-06 19:11 - 2017-01-06 19:11 - 00000000 ____D C:\Program Files\Cheat Engine 6.6
2017-01-05 14:48 - 2017-01-05 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\AnkamaCertificates
2017-01-05 14:47 - 2017-01-05 15:00 - 00000008 _____ C:\Users\user\AppData\Roaming\DofusAppId0_1
2017-01-05 14:47 - 2017-01-05 15:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Dofus
2017-01-05 14:47 - 2017-01-05 14:47 - 00000113 _____ C:\Users\user\AppData\Roaming\D2Info0
2017-01-05 14:47 - 2017-01-05 14:47 - 00000008 _____ C:\Users\user\AppData\Roaming\DofusAppId0_2
2017-01-05 14:47 - 2017-01-05 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Reg
2017-01-05 14:47 - 2017-01-05 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Dofus-2
2017-01-05 12:43 - 2017-01-05 12:47 - 00000000 ____D C:\Program Files\orgame
2017-01-05 12:43 - 2017-01-05 12:43 - 00000965 _____ C:\Users\Public\Desktop\orgame.lnk
2017-01-05 12:43 - 2017-01-05 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\orgame
2017-01-05 12:24 - 2017-01-05 12:50 - 00000642 _____ C:\Users\user\Desktop\Crystal Saga 2.lnk
2017-01-05 12:24 - 2017-01-05 12:24 - 00000000 ____D C:\Crystal Saga 2
2017-01-05 11:30 - 2017-01-05 15:03 - 00000000 ____D C:\Users\user\AppData\Local\Ankama
2017-01-05 10:47 - 2017-01-05 11:05 - 00000000 ____D C:\Program Files\Pirate King Online
2017-01-05 00:18 - 2017-01-05 00:18 - 00000961 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-05 00:18 - 2017-01-05 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-05 00:17 - 2017-01-05 00:18 - 00000000 ____D C:\Program Files\CCleaner
2017-01-02 20:24 - 2017-01-07 16:36 - 00001819 _____ C:\Users\user\Desktop\MPC-HC.lnk
2017-01-02 20:24 - 2017-01-07 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2017-01-02 20:24 - 2017-01-07 16:36 - 00000000 ____D C:\Program Files\MPC-HC
2017-01-02 17:29 - 2017-01-05 00:20 - 00000000 ____D C:\Windows\pss
2016-12-29 16:05 - 2016-12-29 16:05 - 00001007 _____ C:\Users\user\Desktop\anomy.exe - Shortcut.lnk
2016-12-29 16:05 - 2016-12-29 16:05 - 00000000 ____D C:\Program Files\Anomy
2016-12-29 14:29 - 2016-12-29 14:29 - 00000000 ____D C:\Users\user\AppData\Local\UnrealEngine
2016-12-29 14:29 - 2016-12-29 14:29 - 00000000 ____D C:\Users\user\AppData\Local\Kalyskah_RPG
2016-12-29 14:21 - 2015-06-07 06:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-12-29 14:12 - 2016-12-29 14:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-29 00:55 - 2017-01-07 01:40 - 00000000 ____D C:\Users\user\AppData\Roaming\MacroCommerce
2016-12-29 00:55 - 2016-12-29 00:55 - 00000000 ____D C:\Users\user\AppData\Roaming\qmacro
2016-12-29 00:55 - 2016-12-29 00:55 - 00000000 ____D C:\Users\user\AppData\Roaming\MyMacro
2016-12-29 00:47 - 2016-12-29 00:47 - 00000000 ____D C:\Users\user\AppData\Roaming\SGuoBrowser
2016-12-29 00:46 - 2016-12-29 01:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-29 00:46 - 2016-12-29 00:46 - 00000000 ____D C:\Users\user\AppData\Local\webgameAgent
2016-12-29 00:46 - 2016-12-29 00:46 - 00000000 ____D C:\Users\user\AppData\Local\ToolWagon
2016-12-29 00:45 - 2016-12-29 01:01 - 00000000 ____D C:\Program Files\ToolWagon
2016-12-29 00:45 - 2016-12-29 00:45 - 00000000 ____D C:\Users\user\AppData\Local\ToolWagonSetupSkinZS
2016-12-28 16:48 - 2016-12-28 16:48 - 00000000 ____D C:\ProgramData\Wondershare
2016-12-28 16:47 - 2016-12-28 16:47 - 00000000 ____D C:\Users\user\AppData\Local\Wondershare
2016-12-28 15:53 - 2016-12-28 15:53 - 00000000 ____D C:\Users\user\AppData\Local\Glassix
2016-12-28 15:53 - 2016-12-28 15:53 - 00000000 ____D C:\Users\user\AppData\Local\Crashpad
2016-12-28 14:07 - 2017-01-16 00:51 - 00000000 ____D C:\Users\user\Documents\MEGAsync Downloads
2016-12-28 14:06 - 2017-01-07 15:24 - 00001007 _____ C:\Users\user\Desktop\MEGAsync.lnk
2016-12-28 14:06 - 2016-12-29 07:06 - 00000000 ___RD C:\Users\user\Documents\MEGA
2016-12-28 14:06 - 2016-12-28 14:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-12-28 14:06 - 2016-12-28 14:06 - 00000000 ____D C:\Users\user\AppData\Local\Mega Limited
2016-12-28 14:05 - 2017-01-07 15:24 - 00000000 ____D C:\Users\user\AppData\Local\MEGAsync
2016-12-28 00:00 - 2016-12-28 00:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2016-12-28 00:00 - 2016-12-28 00:00 - 00000000 ____D C:\Users\user\AppData\Local\Macromedia
2016-12-27 23:58 - 2017-01-13 14:37 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-27 00:58 - 2016-12-27 00:58 - 00002636 _____ C:\Users\user\Desktop\BitTorrent.lnk
2016-12-27 00:58 - 2016-12-27 00:58 - 00002636 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-12-27 00:57 - 2017-01-15 21:48 - 00000000 ____D C:\Users\user\AppData\Roaming\BitTorrent
2016-12-25 10:32 - 2017-01-07 19:37 - 00001009 _____ C:\Users\Public\Desktop\Andromax M2Y.lnk
2016-12-25 10:32 - 2017-01-07 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andromax M2Y
2016-12-25 07:51 - 2017-01-11 15:54 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-25 07:47 - 2017-01-11 15:56 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-25 07:47 - 2017-01-11 15:54 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-25 07:47 - 2017-01-10 13:09 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-25 07:27 - 2017-01-10 12:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-25 07:00 - 2017-01-15 13:48 - 00000684 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2016-12-25 07:00 - 2017-01-15 13:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Smadav
2016-12-25 07:00 - 2017-01-15 13:48 - 00000000 ____D C:\Program Files\SMADAV
2016-12-25 07:00 - 2017-01-07 12:43 - 00000000 ____D C:\[Smad-Cage]
2016-12-25 07:00 - 2016-12-25 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2016-12-24 04:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-12-24 04:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-12-24 04:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-12-24 04:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-12-24 04:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-12-24 04:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-12-24 04:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-12-24 04:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-12-24 04:18 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-12-24 04:18 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-12-24 04:18 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-12-24 04:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-12-24 04:18 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-12-24 04:18 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-12-24 04:18 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-12-24 04:18 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-12-24 04:18 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-12-24 04:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-12-24 04:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-12-24 04:18 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-12-24 04:18 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-12-24 04:18 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-12-24 04:18 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-12-24 04:18 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-12-24 04:18 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-12-24 04:18 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-12-24 04:18 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-12-24 04:18 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-12-24 04:18 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-12-24 04:18 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-12-24 04:18 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-12-24 04:18 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-12-24 04:18 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-12-24 04:18 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-12-24 04:18 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-12-24 04:18 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-12-24 04:18 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-12-24 04:18 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-12-24 04:18 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-12-24 04:18 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-12-24 04:18 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-12-24 04:18 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-12-24 04:18 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-12-24 04:18 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-12-24 04:18 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-12-24 04:18 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-12-24 04:18 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-12-24 04:18 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-12-24 04:18 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-12-24 04:18 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-12-24 04:18 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-12-24 04:18 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-12-24 04:18 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-12-24 04:18 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-12-24 04:18 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-12-24 04:18 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-12-24 04:18 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-12-24 04:18 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-12-24 04:18 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-12-24 04:18 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-12-24 04:18 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-12-24 04:18 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-12-24 04:18 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-12-24 04:18 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-12-24 04:18 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-12-24 04:18 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-12-24 04:18 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-12-24 04:18 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-12-24 04:18 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-12-24 04:18 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-12-24 04:18 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-12-24 04:18 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-12-24 04:18 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-12-24 04:18 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-12-24 04:18 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-12-24 04:18 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-12-24 04:18 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-12-24 04:18 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-12-24 04:18 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-12-23 22:58 - 2017-01-16 16:36 - 00000000 ____D C:\Knowing Bros
2016-12-23 22:06 - 2016-12-23 22:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2016-12-23 22:06 - 2016-12-23 22:06 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sun
2016-12-23 22:06 - 2016-12-23 22:06 - 00000000 ____D C:\Program Files\Common Files\Java
2016-12-23 22:05 - 2016-12-23 22:07 - 00000000 ____D C:\ProgramData\Oracle
2016-12-23 22:05 - 2016-12-23 22:05 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-12-23 22:05 - 2016-12-23 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-23 22:04 - 2016-12-23 22:04 - 00000000 ____D C:\Program Files\Java
2016-12-23 22:00 - 2016-12-23 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-12-23 22:00 - 2016-12-23 22:00 - 00000000 ____D C:\Program Files\7-Zip
2016-12-23 21:41 - 2016-11-09 19:52 - 08128688 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2016-12-23 21:40 - 2016-12-23 21:40 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-12-23 21:40 - 2004-12-30 19:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2016-12-23 21:40 - 2003-07-16 04:17 - 00005174 _____ C:\Windows\system32\nppt9x.vxd
2016-12-23 21:05 - 2016-12-23 21:05 - 00000000 ____D C:\Users\user\AppData\Local\KADOKAWA
2016-12-23 21:02 - 2017-01-12 15:37 - 00000000 ____D C:\Users\user\AppData\Roaming\RenPy
2016-12-23 14:26 - 2016-12-23 14:27 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-12-23 14:26 - 2016-12-23 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-12-23 14:23 - 2016-12-23 14:23 - 00000000 ____D C:\Users\user\AppData\LocalLow\Adobe
2016-12-23 12:42 - 2016-12-23 12:42 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-12-23 12:41 - 2017-01-17 17:25 - 00326269 _____ C:\Windows\WindowsUpdate.log
2016-12-23 12:41 - 2016-12-29 14:15 - 00000000 ____D C:\Windows\SoftwareDistribution
2016-12-23 12:41 - 2016-12-23 12:41 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-12-23 12:40 - 2016-12-23 12:40 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-12-23 12:39 - 2017-01-17 17:22 - 00000000 ____D C:\Windows\Prefetch
2016-12-23 12:38 - 2017-01-17 17:21 - 2146623488 ___SH C:\pagefile.sys
2016-12-23 12:38 - 2017-01-17 17:21 - 1609965568 ___SH C:\hiberfil.sys
2016-12-23 12:38 - 2017-01-13 14:39 - 00000000 __SHD C:\System Volume Information
2016-12-23 12:36 - 2017-01-05 00:19 - 00000000 ____D C:\Windows\Panther
2016-12-23 11:58 - 2017-01-12 14:36 - 00000000 ____D C:\Program Files\Common Files\Enterbrain
2016-12-23 11:58 - 2017-01-05 00:31 - 00000000 ____D C:\Users\user\AppData\Roaming\MPC-HC
2016-12-23 11:58 - 2016-12-23 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker VX Ace
2016-12-23 11:57 - 2016-12-23 11:57 - 00000000 ____D C:\Users\user\AppData\Local\Programs
2016-12-23 11:57 - 2016-12-23 11:57 - 00000000 ____D C:\Program Files\Enterbrain
2016-12-23 05:08 - 2016-12-28 16:48 - 00110000 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 23:38 - 2016-12-22 23:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-22 23:36 - 2016-12-23 11:05 - 00000000 ____D C:\Users\user\AppData\Local\Steam
2016-12-22 23:36 - 2016-12-22 23:36 - 00000000 ____D C:\Users\user\AppData\Local\Chromium
2016-12-22 23:36 - 2016-12-22 23:36 - 00000000 ____D C:\Users\user\AppData\Local\CEF
2016-12-22 23:29 - 2017-01-08 02:41 - 00000000 ____D C:\Program Files\Steam
2016-12-22 23:29 - 2016-12-23 09:16 - 00000000 ____D C:\Program Files\Common Files\Steam
2016-12-22 23:27 - 2017-01-17 03:51 - 00000000 ____D C:\Warcraft III
2016-12-22 23:06 - 2017-01-05 00:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Media Player Classic
2016-12-22 23:04 - 2016-12-22 23:04 - 00002755 _____ C:\Users\user\Desktop\K.wpl - Shortcut.lnk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\zwjvhcytwbc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\xibfo.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\uivgphjr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\tzhdw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\togl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\tnlcyha
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zzmbkjttcv.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zyowns
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zyadeizbstq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zxykwvw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zxntsmpkns
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zxlhpcxet
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zvybg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zvxxfsps
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zvxuplfqaiv.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zufsomdnqb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zprns
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zph
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\znubd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zmulmsalvp.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zmpm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zlvlgaoro.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zkvadtmlfi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zkgl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zhbezzk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zgtn.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zgdzvuq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zfxbo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zerryde
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zdo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zbu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\zayfbnltwb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yzvlitevcp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yztg.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ywjmsytb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ywcotf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yueiza
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yrvdebxgrzt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yruogei.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yqwnxmuqkr.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yqjwaqwjrgn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ypwgam
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ypn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ypb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ynbpico.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yjbyky
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yifbtom
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yhvfljhx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yft.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yfguqg.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yfddtyco.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yeubbz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yeqc.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ybnso
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ybcwdcj.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yajdu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\yacxpunyz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xxfxt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xwolbkcl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xwfjdkdtixu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xuyoohmb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xsdi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xrjnqaxgslz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xrjmwls.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xratz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xogeiasqdx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xnrwoffi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xnaaiqyn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xlaoaq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xkiazoygsu.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xivldzk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xitroqxj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xhxj.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xhliavnncf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xhjvdk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xhi.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xhepiahgu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xfor.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xei.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xdu.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xdnu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xbwudob.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xbeumyws.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\xabxrnwognq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wztapis.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wvpmojcpagc.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wvmaql.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wuienx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wtkvqxla.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wriuwbh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wrfmrz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wqnbogohpa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wpushbesv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wpa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wooq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wnzrlwgymia
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wnwpuad
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wnwis
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmsxmgb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmcwjfwebcg.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmcbsqz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmaeoulj.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wltgfaapaxg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wlagsxpfnjc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wkaig
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wjjkwjxof.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wjd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wio
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\winwis
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wgjy
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wgfzxqxc.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wgekhz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wchut
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wbyqcoru
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vylysjgigsp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vydky
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vxamvnvecd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vwx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vwvpxtf.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vuzy.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vutlo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vtccpjjxhbl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vrt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vrb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vqzkhuu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vpymgh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vlzenqzgwi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vlv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vltbvctcek
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vlhw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vky.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vhuya
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vhgdwwy.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vgkauki
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vexcv.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vekhfmquvd.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vedcfvtun
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vcwbqe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uykjvcews
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uvhkeoo.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uuknvmo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\usbsjhq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\urupvqobgah
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\urfoeuqrrvx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\upwhfcfpq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\upqsk.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\umckcky
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\umblkiu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ukqsipcp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujurc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujupkolaxz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujmb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujemlvpjgb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uilhoi.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uhgxcxne.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ugh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\udixx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ubomomrwsdk.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uaqqwmjt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\txkpazbbtc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tvumtdvg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tviuuwtwvs
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tubh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tttpgilubhz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\trpcwzo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\trjhziwhqax
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tqkrkktdw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tplabizkfi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tparier
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tmksiwyo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tmiduq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tmhmpisgrjb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tjerrruiu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tixbprzs.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tgysztaa.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tgp.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\teatwcjgoq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tcu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\szanch.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sxngztzr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\swucw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\swrosmstc.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\swmx.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\svh.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\surl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\strlohjio
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sthnpbr.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\srt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\srceeuuzog
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sqrvkkbktxz.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sntlrnm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\slvwlpnaqo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\slfzi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\skjqlknoa.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\skcx.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sjzadmi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sjfso
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sghtkpu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sfxzlgg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sfsz.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sbm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sao
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rzyxt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rzuc.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rybqxma
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rxlxmq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rwwmb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rwumiig
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rvitifkhda.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ruwy.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rumiqlhw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rtssxvscl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rtsquze.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rrbddpfknf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rquw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rpz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rnixg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rnaxcorvnpm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rmkgnn.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rlxrf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rkdkyehqiv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rjzxhrd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rilkwzwyil.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\riffaw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rifbww.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rhw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rhrrf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\grgqrvb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\fas.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\err.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\ejxebk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\eewo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\ecisfvuhpa.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\dwbwxg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\dehidfjtpt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\cpznhdhikek
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\baxqskha.dat
2016-12-22 22:56 - 2016-10-26 16:29 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-12-22 22:52 - 2017-01-17 17:37 - 00000000 ____D C:\Users\user\Downloads\Programs
2016-12-22 22:52 - 2017-01-17 17:24 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2016-12-22 22:52 - 2017-01-16 17:47 - 00000000 ____D C:\Users\user\Downloads\Video
2016-12-22 22:52 - 2017-01-16 12:02 - 00000000 ____D C:\Users\user\Downloads\Music
2016-12-22 22:52 - 2017-01-16 10:12 - 00000000 ____D C:\Users\user\Downloads\Compressed
2016-12-22 22:52 - 2017-01-13 14:35 - 00000000 ____D C:\Users\user\AppData\Roaming\IDM
2016-12-22 22:52 - 2016-12-22 22:52 - 00000000 ____D C:\Users\user\Downloads\Documents
2016-12-22 22:52 - 2016-12-22 22:52 - 00000000 ____D C:\ProgramData\IDM
2016-12-22 22:51 - 2017-01-11 15:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-22 22:51 - 2017-01-09 15:24 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-22 22:51 - 2017-01-09 15:24 - 00001101 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-22 22:51 - 2016-12-22 22:52 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-12-22 22:51 - 2016-12-22 22:51 - 00000975 _____ C:\Users\user\Desktop\Internet Download Manager.lnk
2016-12-22 22:51 - 2016-12-22 22:51 - 00000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2016-12-22 22:51 - 2016-12-22 22:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-12-22 22:51 - 2016-12-22 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-12-22 22:44 - 2016-12-28 00:00 - 00000000 ___SD C:\Users\user\AppData\LocalLow\Microsoft
2016-12-22 22:42 - 2016-12-22 22:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-12-22 22:36 - 2016-12-22 22:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-22 22:34 - 2016-12-22 22:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-22 22:34 - 2016-12-22 22:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-22 22:31 - 2017-01-13 14:38 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-12-22 22:31 - 2016-12-28 00:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2016-12-22 22:31 - 2016-12-22 22:33 - 00001996 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2016-12-22 22:31 - 2016-12-22 22:31 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-12-22 22:31 - 2016-12-22 22:31 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-12-22 22:31 - 2016-12-22 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2016-12-22 22:29 - 2016-12-22 22:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-22 22:29 - 2016-12-22 22:30 - 00000000 ____D C:\ProgramData\Adobe
2016-12-22 22:29 - 2016-12-22 22:29 - 00000000 ____D C:\Program Files\Adobe
2016-12-22 22:25 - 2016-12-22 22:25 - 00000000 ____D C:\Drivers
2016-12-22 22:25 - 2010-08-21 13:32 - 14092904 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 10350120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-22 22:25 - 2010-08-21 13:32 - 10267240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 04554856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 02893928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 02506856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 01627240 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00795104 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe
2016-12-22 22:25 - 2010-08-21 13:32 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1925.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00056936 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00010920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2016-12-22 22:25 - 2010-08-21 13:32 - 00008624 _____ C:\Windows\system32\nvinfo.pb
2016-12-22 22:23 - 2016-12-22 22:24 - 00000000 ____D C:\Program Files\Winamp
2016-12-22 22:23 - 2016-12-22 22:23 - 00000933 _____ C:\Users\user\Desktop\Winamp.lnk
2016-12-22 22:23 - 2016-12-22 22:23 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
2016-12-22 22:23 - 2016-12-22 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-12-22 22:23 - 2005-09-15 02:17 - 00462848 ____N (Sonic Solutions) C:\Windows\system32\px.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00319488 ____N (Sonic Solutions) C:\Windows\system32\pxdrv.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00286720 ____N (Sonic Solutions) C:\Windows\system32\pxwave.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00143360 ____N (Sonic Solutions) C:\Windows\system32\pxmas.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00053248 ____N C:\Windows\system32\pxhpinst.exe
2016-12-22 22:23 - 2005-09-15 02:17 - 00028672 ____N (Sonic Solutions) C:\Windows\system32\vxblock.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00020016 ____N (Sonic Solutions) C:\Windows\system32\Drivers\pxhelp20.sys
2016-12-22 22:22 - 2016-12-22 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-12-22 22:22 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2016-12-22 22:21 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Works
2016-12-22 22:21 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2016-12-22 22:21 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-12-22 22:20 - 2017-01-06 21:24 - 00000000 ____D C:\Program Files\Microsoft.NET
2016-12-22 22:20 - 2016-12-22 22:20 - 00000000 ____D C:\Windows\PCHEALTH
2016-12-22 22:19 - 2017-01-12 14:33 - 00000000 __SHD C:\Windows\Installer
2016-12-22 22:19 - 2016-12-22 22:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-22 22:19 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-22 22:19 - 2016-12-22 22:19 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2016-12-22 22:19 - 2016-12-22 22:19 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2016-12-22 22:18 - 2016-12-22 22:18 - 00000000 ___RD C:\MSOCache
2016-12-22 22:17 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-12-22 22:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-12-22 22:17 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-12-22 22:17 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-12-22 22:17 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-12-22 22:17 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-12-22 22:17 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-12-22 22:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-12-22 22:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-12-22 22:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-12-22 22:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-12-22 22:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-12-22 22:16 - 2010-03-15 17:31 - 00165376 _____ C:\Windows\system32\unrar.dll
2016-12-22 22:15 - 2017-01-05 00:19 - 00000000 ____D C:\Windows\Minidump
2016-12-22 22:14 - 2016-12-22 22:16 - 00002317 _____ C:\Users\user\Desktop\Google Chrome.lnk
2016-12-22 22:14 - 2016-12-22 22:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-12-22 22:14 - 2016-12-22 22:14 - 00000000 ____D C:\Users\user\AppData\Local\Google
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\ProgramData\Mozilla
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Program Files\WinRAR
2016-12-22 21:56 - 2017-01-17 04:18 - 03239469 ____H C:\Users\user\AppData\Local\IconCache.db
2016-12-22 21:55 - 2016-12-22 21:55 - 00004848 _____ C:\Windows\EasyDrv5_20161222_215455.ed5log
2016-12-22 21:55 - 2013-03-04 14:35 - 00643656 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2016-12-22 21:55 - 2013-03-04 14:35 - 00101448 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2016-12-22 21:55 - 2013-03-04 14:35 - 00085064 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2016-12-22 21:55 - 2010-01-06 13:13 - 00506368 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2016-12-22 21:55 - 2009-05-13 18:11 - 00006504 _____ () C:\Windows\system32\Drivers\ASACPI.sys
2016-12-22 21:50 - 2016-12-22 21:50 - 00001409 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-22 21:47 - 2017-01-12 15:00 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-22 21:47 - 2017-01-02 10:47 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2016-12-22 21:47 - 2016-12-22 21:50 - 00000402 ___SH C:\Users\user\Documents\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000338 ___SH C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000282 ___SH C:\Users\user\Downloads\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000282 ___SH C:\Users\user\Desktop\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000174 ___SH C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Searches
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Contacts
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ____D C:\Users\user\AppData\Roaming\Identities
2016-12-22 21:46 - 2017-01-17 17:39 - 02359296 ___SH C:\Users\user\NTUSER.DAT
2016-12-22 21:46 - 2017-01-17 17:39 - 00262144 ___SH C:\Users\user\ntuser.dat.LOG1
2016-12-22 21:46 - 2017-01-17 17:39 - 00000000 ____D C:\Users\user\AppData\Local\Temp
2016-12-22 21:46 - 2017-01-17 17:26 - 00000000 ___RD C:\Users\user\Desktop
2016-12-22 21:46 - 2017-01-17 17:26 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-22 21:46 - 2017-01-17 01:47 - 00000000 ___RD C:\Users\user\Downloads
2016-12-22 21:46 - 2017-01-16 09:43 - 00000000 ____D C:\Users\user\AppData\LocalLow
2016-12-22 21:46 - 2017-01-12 14:33 - 00000000 ___SD C:\Users\user\AppData\Roaming\Microsoft
2016-12-22 21:46 - 2017-01-10 12:09 - 00000000 ____D C:\Users\user
2016-12-22 21:46 - 2017-01-09 16:08 - 00000000 ____D C:\Users\user\AppData\Roaming
2016-12-22 21:46 - 2017-01-08 01:41 - 00000000 ___RD C:\Users\user\Videos
2016-12-22 21:46 - 2017-01-08 01:40 - 00000000 ____D C:\Users\user\AppData\Local
2016-12-22 21:46 - 2017-01-07 01:39 - 00000000 ___HD C:\Users\user\AppData
2016-12-22 21:46 - 2017-01-06 19:11 - 00000000 ___RD C:\Users\user\Documents
2016-12-22 21:46 - 2017-01-02 05:15 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft
2016-12-22 21:46 - 2016-12-28 14:07 - 00000000 ___RD C:\Users\user\Links
2016-12-22 21:46 - 2016-12-24 22:41 - 00000000 ___RD C:\Users\user\Pictures
2016-12-22 21:46 - 2016-12-22 23:04 - 00000000 ___RD C:\Users\user\Music
2016-12-22 21:46 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Saved Games
2016-12-22 21:46 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Favorites
2016-12-22 21:46 - 2016-12-22 21:46 - 00524288 ___SH C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
2016-12-22 21:46 - 2016-12-22 21:46 - 00524288 ___SH C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
2016-12-22 21:46 - 2016-12-22 21:46 - 00065536 ___SH C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
2016-12-22 21:46 - 2016-12-22 21:46 - 00000020 ___SH C:\Users\user\ntuser.ini
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Templates
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Start Menu
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\SendTo
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Recent
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\PrintHood
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\NetHood
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\My Documents
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Local Settings
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Documents\My Videos
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Documents\My Pictures
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Documents\My Music
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Cookies
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Application Data
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\AppData\Local\Temporary Internet Files
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\AppData\Local\History
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\AppData\Local\Application Data
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 ___SH C:\Users\user\ntuser.dat.LOG2
2016-12-22 21:46 - 2011-04-12 09:24 - 00000000 ____D C:\Users\user\AppData\Roaming\Media Center Programs
2016-12-22 21:46 - 2009-07-14 11:42 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-22 21:46 - 2009-07-14 11:37 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 17:26 - 2010-11-21 04:01 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 17:26 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2017-01-17 17:21 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-17 17:01 - 2009-07-14 11:34 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-17 17:01 - 2009-07-14 11:34 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-10 11:58 - 2009-07-14 09:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-09 16:16 - 2009-07-14 09:04 - 00000250 _____ C:\Windows\system.ini
2017-01-07 16:38 - 2009-07-14 09:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-07 12:33 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\ModemLogs
2016-12-29 12:53 - 2009-07-14 11:33 - 00412520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-29 07:06 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public\Documents
2016-12-28 16:46 - 2009-07-14 09:37 - 00000000 __RSD C:\Windows\Fonts
2016-12-25 07:44 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\wdi
2016-12-25 07:10 - 2009-07-14 09:37 - 00000000 ____D C:\PerfLogs
2016-12-25 07:09 - 2009-07-14 09:37 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-24 18:52 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-23 13:59 - 2009-07-14 09:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-23 12:43 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\oobe
2016-12-23 12:42 - 2009-07-14 11:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-23 12:42 - 2009-07-14 11:46 - 00122093 _____ C:\Windows\system32\license.rtf
2016-12-23 12:42 - 2009-07-14 11:41 - 00001130 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-23 12:41 - 2009-07-14 09:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-23 12:41 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\sysprep
2016-12-23 12:41 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\config\TxR
2016-12-23 12:39 - 2011-04-12 09:24 - 00000000 ____D C:\Windows\CSC
2016-12-23 12:36 - 2009-07-14 11:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2016-12-23 12:36 - 2009-07-14 11:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-12-23 12:36 - 2009-07-14 11:34 - 00000000 ____D C:\Windows\Setup
2016-12-23 12:36 - 2009-07-14 09:03 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-22 22:42 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\Drivers\UMDF
2016-12-22 22:35 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Help
2016-12-22 22:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-22 22:21 - 2011-04-12 09:24 - 00000000 ____D C:\Windows\ShellNew
2016-12-22 22:21 - 2009-07-14 11:52 - 00000000 ____D C:\Program Files\MSBuild
2016-12-22 22:19 - 2009-07-14 09:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-22 22:19 - 2009-07-14 09:04 - 00000478 _____ C:\Windows\win.ini
2016-12-22 22:16 - 2009-07-14 11:52 - 00000000 ____D C:\Windows\system32\restore
2016-12-22 22:14 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-22 22:13 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\CodeIntegrity
2016-12-22 21:46 - 2009-07-14 09:37 - 00000000 ___RD C:\Users
2016-12-22 21:45 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2017-01-05 14:47 - 2017-01-05 14:47 - 0000113 _____ () C:\Users\user\AppData\Roaming\D2Info0
2017-01-05 14:47 - 2017-01-05 15:00 - 0000008 _____ () C:\Users\user\AppData\Roaming\DofusAppId0_1
2017-01-05 14:47 - 2017-01-05 14:47 - 0000008 _____ () C:\Users\user\AppData\Roaming\DofusAppId0_2

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\524e0d062d26bd6e350594b957b35ca4.dll
C:\Users\user\AppData\Local\Temp\8223b8edaec1c46ecb714a3a4682bb88.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 18:51

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2017
Ran by user (17-01-2017 17:39:41)
Running from C:\Users\user\Downloads\Programs
Microsoft Windows 7 Professional Service Pack 1 (X86) (2016-12-22 14:46:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3393853819-73074403-155253753-500 - Administrator - Disabled)
Guest (S-1-5-21-3393853819-73074403-155253753-501 - Limited - Disabled)
user (S-1-5-21-3393853819-73074403-155253753-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Andromax M2Y (HKLM\...\Andromax M2Y_is1) (Version: - )
Anomy 1.0 (HKLM\...\{9958A4D2-0E84-4179-99F8-090051E6A92D}_is1) (Version: - JustCme)
BitTorrent (HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\BitTorrent) (Version: 7.9.9.43086 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.6 (HKLM\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Closers Online (HKLM\...\{8A10F149-9DC8-4C90-A1DE-129DCE599378}) (Version: 1.171.0 - Megaxus)
Google Chrome (HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Google Chrome) (Version: 27.0.1453.94 - Google Inc.)
HF pAppLoc version 1.2 (HKLM\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.2 - Inquisitor)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Activation (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 3.0.5.1299 - Malwarebytes)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5947 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
orgame 0.975.040 (HKLM\...\{F8B5C340-2A84-4895-80E2-941ACE20284A}_is1) (Version: 0.975.040 - Gsoft)
piaip AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
RPG Maker VX Ace (HKLM\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SMADAV version 11.0 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.0 - Smadsoft)
UE4 Prerequisites (x86) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Virus Effect Remover© (HKLM\...\Virus Effect Remover - Version 3.2.2.26_20100312_is1) (Version: 3.2.2.26 - Virus Secure Lab®)
Winamp (remove only) (HKLM\...\Winamp) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3393853819-73074403-155253753-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.94\delegate_execute.exe (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {52A27BEA-3AD2-434B-8779-3D19C0792997} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2017-01-15] (Smadsoft)
Task: {68FB0C1D-40F4-4135-8F91-2CE3E5B376CD} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
Task: {BB540C19-7A3A-43EC-A386-F9AEA84F263F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {E0BDA045-3DE4-4A88-9A4F-B70DBE943446} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-07 19:37 - 2015-05-15 19:52 - 02186240 _____ () C:\Program Files\Andromax M2Y\FI_Eject.exe
2016-11-01 02:43 - 2016-11-01 02:43 - 00564736 _____ () C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll
2016-12-22 22:13 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2016-04-13 15:38 - 2016-04-13 15:38 - 00482304 _____ () C:\Users\user\AppData\Local\MEGAsync\libsodium.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 00107520 _____ () D:\X\Ranked Gaming Client\zlib1.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 00119822 _____ () D:\X\Ranked Gaming Client\libgcc_s_dw2-1.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 01026062 _____ () D:\X\Ranked Gaming Client\libstdc++-6.dll
2017-01-02 20:24 - 2015-11-14 18:18 - 00251632 _____ () C:\Program Files\MPC-HC\LAVFilters\libbluray.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2017-01-10 12:18 - 00000081 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3393853819-73074403-155253753-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: npggsvc => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinampAgent => C:\Program Files\Winamp\winampa.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{35E471BD-C890-4F88-86DA-3C8DA485AC16}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{ED095F4A-2B36-40A5-89B7-A23E4B1D4A53}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1AF0AB8B-C5AA-49DD-886B-2D2E7C12BB09}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F09BCE28-C601-4F38-B44E-10B210544758}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7E5EB71B-170A-4163-9CF0-A50782632695}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{5AD562F3-81D8-417B-90A0-C5DC77EF2897}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{B2C5EBA9-E180-4938-87CF-7D5D236A6F66}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{501DD51B-E6F3-4A1A-8C39-30AB489FB699}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DEAC7C48-CF55-4AAD-A54A-EBE9332FA8F1}] => C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{873CF0D9-510A-4274-84E3-04045DC2C985}] => C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{6FCDD4C0-F60E-41B9-BC1C-7ACF050B5C3F}D:\x\ranked gaming client\rgcp\rgcp.exe] => D:\x\ranked gaming client\rgcp\rgcp.exe
FirewallRules: [UDP Query User{062E0715-9073-4852-9C1D-9BEAFA8D8DF5}D:\x\ranked gaming client\rgcp\rgcp.exe] => D:\x\ranked gaming client\rgcp\rgcp.exe
FirewallRules: [TCP Query User{1DA7D6B4-C80D-4BFF-B5BD-34736C282C7B}D:\x\ranked gaming client\rgcp\patcher\patcher.exe] => D:\x\ranked gaming client\rgcp\patcher\patcher.exe
FirewallRules: [UDP Query User{1DB7B735-EBC0-49FF-A5BB-E46110B81EE9}D:\x\ranked gaming client\rgcp\patcher\patcher.exe] => D:\x\ranked gaming client\rgcp\patcher\patcher.exe
FirewallRules: [TCP Query User{C72FF95A-FD48-4417-847A-5EE0B34841DD}C:\program files\internet download manager\iemonitor.exe] => C:\program files\internet download manager\iemonitor.exe
FirewallRules: [UDP Query User{C2463A32-E93D-4FB8-AB82-E3C27F6F023E}C:\program files\internet download manager\iemonitor.exe] => C:\program files\internet download manager\iemonitor.exe
FirewallRules: [TCP Query User{D88CC3A3-40B5-4070-A723-171A06832285}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [UDP Query User{5AF7AC17-7847-4AB1-9CDF-AE8D2FEAF4C9}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [TCP Query User{15666C00-437C-4609-94D8-B030EA4DDDFF}C:\windows\system32\dwm.exe] => C:\windows\system32\dwm.exe
FirewallRules: [UDP Query User{130C75F7-CE55-46E7-899C-F1E1F0C185B9}C:\windows\system32\dwm.exe] => C:\windows\system32\dwm.exe
FirewallRules: [TCP Query User{381F19D8-8AF6-4EDD-B1AD-A9CBCE760170}C:\warcraft iii\war3.exe] => C:\warcraft iii\war3.exe
FirewallRules: [UDP Query User{72CC0384-FF4A-4D4A-A891-B1E457A54325}C:\warcraft iii\war3.exe] => C:\warcraft iii\war3.exe
FirewallRules: [{64140BBA-3208-4E92-BE86-DA78C479C0CC}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E5C4EF71-56C8-448E-9ACA-3E07F1B7781E}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D2BB4152-E8D1-4897-BE69-825DA48C5452}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ABD9BFC1-93A7-4ADC-8C8A-D9558AAF97C7}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8784C8E5-2190-4246-8708-DDBF7C1D745A}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A7F55B35-3B48-4F4A-ACF2-ECC7D1C2BF14}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{D1E9FCBE-B32E-4CE2-8567-BF1F0AB65633}C:\users\user\appdata\local\megasync\megasync.exe] => C:\users\user\appdata\local\megasync\megasync.exe
FirewallRules: [UDP Query User{0F04AC41-FDBD-45DF-BBF3-0D8BC775A62C}C:\users\user\appdata\local\megasync\megasync.exe] => C:\users\user\appdata\local\megasync\megasync.exe
FirewallRules: [{F84B9F58-8F32-4E63-A09A-D14615C9470E}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{5D64568D-553C-4508-B0AF-D162D6528F6F}C:\program files\internet download manager\idman.exe] => C:\program files\internet download manager\idman.exe
FirewallRules: [UDP Query User{A161EADC-AF19-4345-94AE-CAFE871113E6}C:\program files\internet download manager\idman.exe] => C:\program files\internet download manager\idman.exe
FirewallRules: [TCP Query User{ACB517E8-1E5C-4726-84F9-C5BDED8A7878}C:\program files\mpc-hc\mpc-hc.exe] => C:\program files\mpc-hc\mpc-hc.exe
FirewallRules: [UDP Query User{7061FD38-FC25-4206-A281-3BF23CE05083}C:\program files\mpc-hc\mpc-hc.exe] => C:\program files\mpc-hc\mpc-hc.exe
FirewallRules: [TCP Query User{3C6A2A03-96D2-4865-90F2-ED6EF908E5DC}C:\windows\system32\taskhost.exe] => C:\windows\system32\taskhost.exe
FirewallRules: [UDP Query User{E5CBDF13-E852-426A-80B8-18C0CF149595}C:\windows\system32\taskhost.exe] => C:\windows\system32\taskhost.exe
FirewallRules: [TCP Query User{E476B7C1-C6D1-4EAB-BB9D-D40B2D0B044E}C:\program files\smadav\smadavprotect32.exe] => C:\program files\smadav\smadavprotect32.exe
FirewallRules: [UDP Query User{0366F623-DB7A-4267-819E-72038E0AB227}C:\program files\smadav\smadavprotect32.exe] => C:\program files\smadav\smadavprotect32.exe
FirewallRules: [TCP Query User{0944DA1B-B585-44D3-9180-11C4DEB31E84}C:\program files\orgame\client.exe] => C:\program files\orgame\client.exe
FirewallRules: [UDP Query User{F28D94C6-9C88-4947-9711-0D37CE1E595F}C:\program files\orgame\client.exe] => C:\program files\orgame\client.exe
FirewallRules: [TCP Query User{8026CC60-D78D-4A6A-B2C6-C304D731FD07}C:\windows\system32\ping.exe] => C:\windows\system32\ping.exe
FirewallRules: [UDP Query User{17D06F96-0496-466C-B788-7B68CA12217E}C:\windows\system32\ping.exe] => C:\windows\system32\ping.exe
FirewallRules: [TCP Query User{17B598B9-AF0C-429C-9A9D-16C892169246}C:\windows\system32\taskeng.exe] => C:\windows\system32\taskeng.exe
FirewallRules: [UDP Query User{008EAAFB-8DE3-43F3-A252-E9C19CB0D2B5}C:\windows\system32\taskeng.exe] => C:\windows\system32\taskeng.exe
FirewallRules: [TCP Query User{4C8C6C50-E47E-4F21-A0CD-7CE6EF0D2EFE}C:\warcraft iii\warkey 6.2\warkey.exe] => C:\warcraft iii\warkey 6.2\warkey.exe
FirewallRules: [UDP Query User{12C0DCE6-E027-4D58-9F23-FDC8EE6F4B0C}C:\warcraft iii\warkey 6.2\warkey.exe] => C:\warcraft iii\warkey 6.2\warkey.exe
FirewallRules: [TCP Query User{1A4560B7-08A4-4D3E-A8DE-5860A6290C9E}C:\windows\system32\conhost.exe] => C:\windows\system32\conhost.exe
FirewallRules: [UDP Query User{7FF2183A-539A-48B3-A37D-F376FA49117B}C:\windows\system32\conhost.exe] => C:\windows\system32\conhost.exe
FirewallRules: [{70F3C5EA-E792-43E9-AB12-07EAA0EC1564}] => C:\Megaxus\Closers Online\CW.EXE
FirewallRules: [{4E8AF611-DCA5-47CF-AE75-8814F02F1F59}] => C:\Megaxus\Closers Online\LAUNCHER.EXE
FirewallRules: [{145E14E0-5D47-469E-A002-ABF8A5CBA769}] => C:\Megaxus\Closers Online\CLOSERS.EXE
FirewallRules: [TCP Query User{5276D183-F889-4E7A-8ABC-CEF93E0E902D}D:\x\ranked gaming client\rgc.exe] => D:\x\ranked gaming client\rgc.exe
FirewallRules: [UDP Query User{5E6DFE6A-75E9-4796-9282-D8FDD908EA9E}D:\x\ranked gaming client\rgc.exe] => D:\x\ranked gaming client\rgc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Smadav\SmadavProtect32.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Warcraft III\Warkey 6.2\WarKey.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [D:\X\Ranked Gaming Client\rgc.exe] => Enabled:ipsec

==================== Restore Points =========================

08-01-2017 16:03:14 Installed DirectX
08-01-2017 16:04:33 Installed Closers Online
13-01-2017 13:27:45 Windows Update
13-01-2017 14:38:44 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2017 05:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2017 03:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2017 07:58:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2017 01:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/14/2017 05:27:18 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Broker for reading of IDM settings because of this error.

Program: Broker for reading of IDM settings
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (01/14/2017 05:27:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: idmBroker.exe, version: 6.22.1.1, time stamp: 0x582ee0c2
Faulting module name: idmBroker.exe, version: 6.22.1.1, time stamp: 0x582ee0c2
Exception code: 0xc0000096
Fault offset: 0x0000881d
Faulting process id: 0x4b4
Faulting application start time: 0x01d26e50c6cabb9f
Faulting application path: C:\Program Files\Internet Download Manager\idmBroker.exe
Faulting module path: C:\Program Files\Internet Download Manager\idmBroker.exe
Report Id: 05e23120-da44-11e6-be65-066ec3dcf196

Error: (01/14/2017 03:04:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/13/2017 03:29:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/13/2017 01:25:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/12/2017 03:29:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dbc

Start Time: 01d26ca4bdb38fca

Termination Time: 3806

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 2d60bf03-d8a1-11e6-82e8-be1dd9192cc8


System errors:
=============
Error: (01/17/2017 05:21:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/17/2017 05:21:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/17/2017 05:21:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:18:45 PM on ‎1/‎17/‎2017 was unexpected.

Error: (01/17/2017 02:59:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/17/2017 02:58:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/16/2017 07:57:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/16/2017 07:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/15/2017 01:43:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/15/2017 01:43:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/14/2017 05:28:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 63%
Total physical RAM: 2047.18 MB
Available physical RAM: 740.66 MB
Total Virtual: 4094.36 MB
Available Virtual: 2473.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:17.4 GB) NTFS
Drive d: (DATA) (Fixed) (Total:70.92 GB) (Free:18.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E0E19306)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Edited by Starbuck, 17 January 2017 - 12:29 PM.


#4 Starbuck


Posted 17 January 2017 - 01:02 PM

Hi DPRK
 

sorry for late reply

It's not a problem.
Good job you replied.... I can see what the problem is.
Without putting too fine a point on it, your system is a bit of a mess and is heavily infected.
I can also see why the infection comes back after you reinstall the system.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Bearshare, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
I see that you have run Combofix..... let's do it properly this time.
If you still have Combofix on your system, please right click on it and select delete.

Download a fresh copy of Combofix from any of the links below.
You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

[Images: CF_download_FF.gif, CF_download_rename.gif]

This is an example, you may rename ComboFix to anything you want (use your screen name if you want).

Then:

Vista/Windows 7 users: right-click on Combo-Fix.exe and select Run As Administrator.
  • Please follow any prompts

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 2
Please re-run FRST. (after Combofix)
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
Combofix.txt
and both reports from FRST


Thanks.



#5 DPRK


Posted 17 January 2017 - 02:10 PM

ComboFix 17-01-13.01 - user 01/18/2017   1:56.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2047.1226 [GMT 7:00]
Running from: c:\users\user\Downloads\Programs\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
.
.
(((((((((((((((((((((((((   Files Created from 2016-12-17 to 2017-01-17  )))))))))))))))))))))))))))))))
.
.
2017-01-17 19:03 . 2017-01-17 19:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2017-01-17 10:36 . 2017-01-17 10:40    --------    d-----w-    C:\FRST
2017-01-17 10:31 . 2017-01-17 10:31    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EF418CC-3E4A-4267-8A73-BB239638DA78}\offreg.1604.dll
2017-01-16 21:18 . 2017-01-16 21:18    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EF418CC-3E4A-4267-8A73-BB239638DA78}\offreg.196.dll
2017-01-15 06:53 . 2017-01-15 06:53    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EF418CC-3E4A-4267-8A73-BB239638DA78}\offreg.1748.dll
2017-01-13 07:49 . 2017-01-13 07:49    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EF418CC-3E4A-4267-8A73-BB239638DA78}\offreg.1792.dll
2017-01-13 07:39 . 2014-05-14 16:23    45536    ----a-w-    c:\windows\system32\wups2.dll
2017-01-13 07:39 . 2014-05-14 16:23    54240    ----a-w-    c:\windows\system32\wuauclt.exe
2017-01-13 07:39 . 2014-05-14 16:23    1973728    ----a-w-    c:\windows\system32\wuaueng.dll
2017-01-13 07:39 . 2014-05-14 16:17    2425856    ----a-w-    c:\windows\system32\wucltux.dll
2017-01-13 07:39 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\system32\wups.dll
2017-01-13 07:39 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\system32\wuapi.dll
2017-01-13 07:39 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\system32\wudriver.dll
2017-01-13 07:39 . 2014-05-14 02:23    179656    ----a-w-    c:\windows\system32\wuwebv.dll
2017-01-13 07:39 . 2014-05-14 02:17    33792    ----a-w-    c:\windows\system32\wuapp.exe
2017-01-13 07:37 . 2017-01-13 07:37    802904    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2017-01-13 07:37 . 2017-01-13 07:37    144472    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-13 06:29 . 2016-12-30 22:26    9561744    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EF418CC-3E4A-4267-8A73-BB239638DA78}\mpengine.dll
2017-01-10 05:19 . 2017-01-11 08:55    87496    ----a-w-    c:\windows\system32\drivers\farflt.sys
2017-01-10 05:18 . 2016-12-14 05:55    59968    ----a-w-    c:\windows\system32\drivers\mbae.sys
2017-01-10 05:18 . 2017-01-10 05:18    --------    d-----w-    c:\program files\Malwarebytes
2017-01-10 05:18 . 2017-01-10 05:18    --------    d-----w-    c:\windows\system32\drivers\etc\BACKUP
2017-01-10 05:01 . 2017-01-10 05:01    --------    d-----w-    c:\program files\Virus Secure Lab
2017-01-09 08:33 . 2017-01-09 09:00    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2017-01-08 09:05 . 2017-01-08 09:10    --------    d-----w-    c:\programdata\regid.2016-04.com.megaxus.closers
2017-01-08 09:05 . 2017-01-08 09:05    --------    d-----w-    C:\Megaxus
2017-01-07 18:40 . 2017-01-07 18:40    --------    d-----w-    c:\program files\4KDownload
2017-01-07 12:37 . 2017-01-07 12:37    --------    d-----w-    c:\program files\Andromax M2Y
2017-01-06 13:23 . 2016-08-24 06:30    340992    ----a-w-    c:\windows\system32\ALRes409.dll
2017-01-06 12:11 . 2017-01-06 12:11    --------    d-----w-    c:\program files\Cheat Engine 6.6
2017-01-05 05:43 . 2017-01-05 05:47    --------    d-----w-    c:\program files\orgame
2017-01-05 05:24 . 2017-01-05 05:24    --------    d-----w-    C:\Crystal Saga 2
2017-01-05 03:47 . 2017-01-05 04:05    --------    d-----w-    c:\program files\Pirate King Online
2017-01-04 17:17 . 2017-01-04 17:18    --------    d-----w-    c:\program files\CCleaner
2017-01-02 13:24 . 2017-01-07 09:36    --------    d-----w-    c:\program files\MPC-HC
2016-12-29 09:05 . 2016-12-29 09:05    --------    d-----w-    c:\program files\Anomy
2016-12-29 07:12 . 2016-12-29 07:20    --------    d-----w-    c:\programdata\Package Cache
2016-12-28 17:46 . 2016-12-28 18:01    --------    d-----w-    c:\programdata\boost_interprocess
2016-12-28 17:45 . 2016-12-28 18:01    --------    d-----w-    c:\program files\ToolWagon
2016-12-28 09:48 . 2016-12-28 09:48    --------    d-----w-    c:\programdata\Wondershare
2016-12-27 16:58 . 2017-01-13 07:37    --------    d-----w-    c:\windows\system32\Macromed
2016-12-25 00:51 . 2017-01-11 08:54    219072    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-25 00:47 . 2017-01-11 08:56    63264    ----a-w-    c:\windows\system32\drivers\mwac.sys
2016-12-25 00:47 . 2017-01-11 08:54    39360    ----a-w-    c:\windows\system32\drivers\mbam.sys
2016-12-25 00:47 . 2017-01-10 06:09    153024    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2016-12-25 00:27 . 2017-01-10 05:18    --------    d-----w-    c:\programdata\Malwarebytes
2016-12-25 00:00 . 2017-01-07 05:43    --------    d-----w-    C:\[Smad-Cage]
2016-12-25 00:00 . 2017-01-15 06:48    --------    d-----w-    c:\program files\SMADAV
2016-12-23 15:58 . 2017-01-16 09:36    --------    d-----w-    C:\Knowing Bros
2016-12-23 15:06 . 2016-12-23 15:06    --------    d-----w-    c:\program files\Common Files\Java
2016-12-23 15:05 . 2016-12-23 15:05    95808    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2016-12-23 15:05 . 2016-12-23 15:07    --------    d-----w-    c:\programdata\Oracle
2016-12-23 15:04 . 2016-12-23 15:04    --------    d-----w-    c:\program files\Java
2016-12-23 15:00 . 2016-12-23 15:00    --------    d-----w-    c:\program files\7-Zip
2016-12-23 14:41 . 2016-11-09 12:52    8128688    ----a-w-    c:\windows\system32\GameMon.des
2016-12-23 14:40 . 2004-12-30 12:43    4682    ----a-w-    c:\windows\system32\npptNT2.sys
2016-12-23 14:40 . 2003-07-15 21:17    5174    ----a-w-    c:\windows\system32\nppt9x.vxd
2016-12-23 14:40 . 2016-12-23 14:40    --------    d-----w-    c:\program files\Common Files\INCA Shared
2016-12-23 07:26 . 2016-12-23 07:27    --------    d-----w-    c:\program files\K-Lite Codec Pack
2016-12-23 05:36 . 2017-01-04 17:19    --------    d-----w-    c:\windows\Panther
2016-12-23 04:58 . 2017-01-12 07:36    --------    d-----w-    c:\program files\Common Files\Enterbrain
2016-12-23 04:57 . 2016-12-23 04:57    --------    d-----w-    c:\program files\Enterbrain
2016-12-22 16:29 . 2016-12-23 02:16    --------    d-----w-    c:\program files\Common Files\Steam
2016-12-22 16:29 . 2017-01-07 19:41    --------    d-----w-    c:\program files\Steam
2016-12-22 16:27 . 2017-01-16 20:51    --------    d-----w-    C:\Warcraft III
2016-12-22 15:56 . 2016-10-26 09:29    407720    ------w-    c:\windows\system32\MpSigStub.exe
2016-12-22 15:52 . 2016-12-22 15:52    --------    d-----w-    c:\programdata\IDM
2016-12-22 15:51 . 2016-12-22 15:52    --------    d-----w-    c:\program files\Internet Download Manager
2016-12-22 15:51 . 2017-01-11 08:53    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2016-12-22 15:36 . 2016-12-22 15:36    --------    d-----w-    c:\programdata\NVIDIA
2016-12-22 15:34 . 2016-12-22 15:34    --------    d-----w-    c:\programdata\NVIDIA Corporation
2016-12-22 15:34 . 2016-12-22 15:35    --------    d-----w-    c:\program files\NVIDIA Corporation
2016-12-22 15:29 . 2016-12-22 15:31    --------    d-----w-    c:\program files\Common Files\Adobe
2016-12-22 15:25 . 2010-08-21 06:32    795104    ----a-w-    c:\windows\system32\dpinst.exe
2016-12-22 15:25 . 2010-08-21 06:32    56936    ----a-w-    c:\windows\system32\OpenCL.dll
2016-12-22 15:25 . 2010-08-21 06:32    4554856    ----a-w-    c:\windows\system32\nvcuda.dll
2016-12-22 15:25 . 2010-08-21 06:32    2893928    ----a-w-    c:\windows\system32\nvcuvid.dll
2016-12-22 15:25 . 2010-08-21 06:32    2506856    ----a-w-    c:\windows\system32\nvcuvenc.dll
2016-12-22 15:25 . 2010-08-21 06:32    236136    ----a-w-    c:\windows\system32\nvcod1925.dll
2016-12-22 15:25 . 2010-08-21 06:32    236136    ----a-w-    c:\windows\system32\nvcod.dll
2016-12-22 15:25 . 2010-08-21 06:32    1627240    ----a-w-    c:\windows\system32\nvapi.dll
2016-12-22 15:25 . 2010-08-21 06:32    14092904    ----a-w-    c:\windows\system32\nvoglv32.dll
2016-12-22 15:25 . 2010-08-21 06:32    10350120    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2016-12-22 15:25 . 2010-08-21 06:32    10267240    ----a-w-    c:\windows\system32\nvcompiler.dll
2016-12-22 15:25 . 2016-12-22 15:25    --------    d-----w-    C:\Drivers
2016-12-22 15:23 . 2005-09-14 19:17    20016    ------w-    c:\windows\system32\drivers\pxhelp20.sys
2016-12-22 15:23 . 2016-12-22 15:24    --------    d-----w-    c:\program files\Winamp
2016-12-22 15:22 . 2006-10-26 12:56    33104    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2016-12-22 15:22 . 2006-10-26 12:56    32592    ----a-w-    c:\windows\system32\msonpmon.dll
2016-12-22 15:21 . 2016-12-22 15:21    --------    d-----w-    c:\program files\Microsoft Works
2016-12-22 15:20 . 2016-12-22 15:20    --------    d-----w-    c:\windows\PCHEALTH
2016-12-22 15:20 . 2017-01-06 14:24    --------    d-----w-    c:\program files\Microsoft.NET
2016-12-22 15:19 . 2016-12-22 15:19    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2016-12-22 15:19 . 2016-12-22 15:22    --------    d-----w-    c:\programdata\Microsoft Help
2016-12-22 15:19 . 2017-01-12 07:33    --------    d-sh--w-    c:\windows\Installer
2016-12-22 15:18 . 2016-12-22 15:18    --------    d-----r-    C:\MSOCache
2016-12-22 15:17 . 2005-05-26 08:34    2297552    ----a-w-    c:\windows\system32\d3dx9_26.dll
2016-12-22 15:16 . 2010-03-15 10:31    165376    ----a-w-    c:\windows\system32\unrar.dll
2016-12-22 14:55 . 2009-05-13 11:11    6504    ----a-w-    c:\windows\system32\drivers\ASACPI.sys
2016-12-22 14:55 . 2013-03-04 07:35    85064    ----a-w-    c:\windows\system32\RtNicProp32.dll
2016-12-22 14:55 . 2013-03-04 07:35    643656    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2016-12-22 14:55 . 2013-03-04 07:35    101448    ----a-w-    c:\windows\system32\RTNUninst32.dll
2016-12-22 14:55 . 2010-01-06 06:13    506368    ----a-w-    c:\windows\system32\sqlite3.dll
2016-12-22 14:46 . 2017-01-10 05:09    --------    d-----w-    c:\users\user
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Pending)]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-10-31 19:43    564736    ----a-w-    c:\users\user\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Synced)]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-10-31 19:43    564736    ----a-w-    c:\users\user\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Syncing)]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-10-31 19:43    564736    ----a-w-    c:\users\user\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52    23520    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-12-15 4097136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\user\AppData\Local\MEGAsync\MEGAsync.exe [2016-11-10 5124560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
backup=c:\windows\pss\MEGAsync.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM?RT-Protection]
c:\program files\Smadav\SM?RTP.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 08:13    890776    ----a-w-    c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 08:13    114584    ----a-w-    c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-10-25 08:13    1010112    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-12-06 14:09    7253208    ----a-w-    c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 17:47    100648    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2016-12-14 06:15    2854352    ----a-w-    c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2016-09-22 13:00    661016    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2005-11-15 19:31    111616    ----a-w-    c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 CDROM_Eject_Smart;CDROM_Eject_Smart;c:\program files\Andromax M2Y\FI_Eject.exe [2015-05-15 2186240]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-01-11 39360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2017-01-11 39360]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2017-01-11 63264]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-01-11 63264]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 XDva535;XDva535;c:\windows\system32\XDva535.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-14 3463120]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2016-11-09 8128688]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-01-11 219072]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-10-17 147120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
.
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-13 07:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://123.itiankong.com/?2
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.42.129
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fmhs0bv9.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Malwarebytes Anti-Malware_is1 - c:\program files\Malwarebytes Anti-Malware\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-01-18  02:06:52
ComboFix-quarantined-files.txt  2017-01-17 19:06
ComboFix2.txt  2017-01-06 18:46
.
Pre-Run: 11,660,369,920 bytes free
Post-Run: 11,547,934,720 bytes free
.
- - End Of File - - 0AF827A8996F9232914BE3134DFB5A0B
A36C5E4F47E84449FF07ED3517B43A31

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2017
Ran by user (administrator) on USER-PC (18-01-2017 02:08:51)
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(LuxInno S.A.) D:\X\Ranked Gaming Client\rgcp\rgcp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(MPC-HC Team) C:\Program Files\MPC-HC\mpc-hc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ranked Gaming) D:\X\Ranked Gaming Client\rgc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1736704 2017-01-15] (Smadsoft)
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4097136 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoUpdateCheck] 0
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-01-12]
ShortcutTarget: MEGAsync.lnk -> C:\Users\user\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{72FCE971-51BA-4EEC-8EF7-1B349A4A1ED6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C5110869-A858-4687-937E-4403FD0084F2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F3768A2A-4153-4D43-85BE-7E3697C75A95}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3393853819-73074403-155253753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://123.itiankong.com/?2
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-23] (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-23] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3393853819-73074403-155253753-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fmhs0bv9.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fmhs0bv9.default [2017-01-18]
FF Homepage: Mozilla\Firefox\Profiles\fmhs0bv9.default -> google.com
FF Extension: (anonymoX) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fmhs0bv9.default\Extensions\client@anonymox.net.xpi [2016-12-25]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-12-22] [not signed]
FF HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2017-01-17] [not signed]
FF HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-23] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-3393853819-73074403-155253753-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files\orgame\npxyzgl.dll [2012-06-13] (XYZ-SOFT Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CDROM_Eject_Smart; C:\Program Files\Andromax M2Y\FI_Eject.exe [2186240 2015-05-15] () [File not signed]
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3463120 2016-12-14] (Malwarebytes) [File not signed]
S3 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [143648 2006-10-27] (Microsoft Corporation) [File not signed]
S4 npggsvc; C:\Windows\system32\GameMon.des [8128688 2016-11-09] (INCA Internet Co., Ltd.)
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [518960 2006-10-26] (Microsoft Corporation) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [218912 2006-10-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-11] (Malwarebytes)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2017-01-11] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63264 2017-01-11] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2017-01-11] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2005-09-15] (Sonic Solutions) [File not signed]
R3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 02:06 - 2017-01-18 02:06 - 00017957 _____ C:\ComboFix.txt
2017-01-17 17:36 - 2017-01-18 02:08 - 00000000 ____D C:\FRST
2017-01-17 16:09 - 2017-01-17 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AikaOnline
2017-01-16 09:43 - 2017-01-16 09:43 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sunyiru
2017-01-13 14:39 - 2014-05-14 23:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-13 14:39 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-13 14:39 - 2014-05-14 23:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-13 14:39 - 2014-05-14 23:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-13 14:39 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-13 14:39 - 2014-05-14 23:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-13 14:39 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-13 14:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-13 14:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-13 14:37 - 2017-01-18 02:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-13 14:37 - 2017-01-13 14:37 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-13 14:37 - 2017-01-13 14:37 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-13 14:35 - 2017-01-13 14:35 - 17137226 _____ C:\Users\user\Downloads\leave2gether-v12.swf
2017-01-12 14:33 - 2017-01-12 14:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2017-01-11 01:43 - 2017-01-18 02:07 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-01-11 01:29 - 2017-01-11 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-10 12:19 - 2017-01-11 15:55 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-10 12:18 - 2017-01-10 12:18 - 00002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 12:18 - 2017-01-10 12:18 - 00000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2017-01-10 12:18 - 2017-01-10 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 12:18 - 2017-01-10 12:18 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-10 12:18 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-10 12:09 - 2017-01-10 12:09 - 00000440 __RSH C:\Users\user\ntuser.pol
2017-01-10 12:01 - 2017-01-10 12:01 - 00002318 _____ C:\Users\Public\Desktop\Virus Effect Remover.lnk
2017-01-10 12:01 - 2017-01-10 12:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virus Secure Lab
2017-01-10 12:01 - 2017-01-10 12:01 - 00000000 ____D C:\Program Files\Virus Secure Lab
2017-01-09 16:03 - 2017-01-09 16:04 - 00001205 _____ C:\Users\user\Downloads\FixNCR.reg
2017-01-09 15:33 - 2017-01-09 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-08 16:11 - 2017-01-08 16:11 - 00000000 ____D C:\Users\user\AppData\Roaming\CWPatcher
2017-01-08 16:11 - 2017-01-08 16:11 - 00000000 ____D C:\Users\user\AppData\Roaming\CW
2017-01-08 16:10 - 2017-01-08 16:10 - 00001786 _____ C:\Users\Public\Desktop\Closers Online Website.lnk
2017-01-08 16:10 - 2017-01-08 16:10 - 00001706 _____ C:\Users\Public\Desktop\Closers Online.lnk
2017-01-08 16:05 - 2017-01-08 16:10 - 00000000 ____D C:\ProgramData\regid.2016-04.com.megaxus.closers
2017-01-08 16:05 - 2017-01-08 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megaxus
2017-01-08 16:05 - 2017-01-08 16:05 - 00000000 ____D C:\Megaxus
2017-01-08 01:40 - 2017-01-08 01:40 - 00001214 _____ C:\Users\user\Desktop\4K Video Downloader.lnk
2017-01-08 01:40 - 2017-01-08 01:40 - 00000000 ____D C:\Users\user\AppData\Local\4kdownload.com
2017-01-08 01:40 - 2017-01-08 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-01-08 01:40 - 2017-01-08 01:40 - 00000000 ____D C:\Program Files\4KDownload
2017-01-07 19:37 - 2017-01-07 19:37 - 00000000 ____D C:\Program Files\Andromax M2Y
2017-01-07 01:10 - 2011-06-26 13:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-07 01:10 - 2010-11-08 00:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-07 01:10 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-07 01:10 - 2000-08-31 07:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-07 01:09 - 2017-01-18 02:06 - 00000000 ____D C:\Qoobox
2017-01-07 01:09 - 2017-01-09 16:00 - 00000000 ____D C:\Users\user\Desktop\mbar
2017-01-07 01:09 - 2017-01-07 01:43 - 00000000 ____D C:\Windows\erdnt
2017-01-07 01:06 - 2017-01-07 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-06 20:23 - 2016-08-24 13:30 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\ALRes409.dll
2017-01-06 19:11 - 2017-01-06 19:11 - 00001039 _____ C:\Users\user\Desktop\Cheat Engine.lnk
2017-01-06 19:11 - 2017-01-06 19:11 - 00000000 ____D C:\Users\user\Documents\My Cheat Tables
2017-01-06 19:11 - 2017-01-06 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-01-06 19:11 - 2017-01-06 19:11 - 00000000 ____D C:\Program Files\Cheat Engine 6.6
2017-01-05 14:48 - 2017-01-05 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\AnkamaCertificates
2017-01-05 14:47 - 2017-01-05 15:00 - 00000008 _____ C:\Users\user\AppData\Roaming\DofusAppId0_1
2017-01-05 14:47 - 2017-01-05 15:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Dofus
2017-01-05 14:47 - 2017-01-05 14:47 - 00000113 _____ C:\Users\user\AppData\Roaming\D2Info0
2017-01-05 14:47 - 2017-01-05 14:47 - 00000008 _____ C:\Users\user\AppData\Roaming\DofusAppId0_2
2017-01-05 14:47 - 2017-01-05 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Reg
2017-01-05 14:47 - 2017-01-05 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Dofus-2
2017-01-05 12:43 - 2017-01-05 12:47 - 00000000 ____D C:\Program Files\orgame
2017-01-05 12:43 - 2017-01-05 12:43 - 00000965 _____ C:\Users\Public\Desktop\orgame.lnk
2017-01-05 12:43 - 2017-01-05 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\orgame
2017-01-05 12:24 - 2017-01-05 12:50 - 00000642 _____ C:\Users\user\Desktop\Crystal Saga 2.lnk
2017-01-05 12:24 - 2017-01-05 12:24 - 00000000 ____D C:\Crystal Saga 2
2017-01-05 11:30 - 2017-01-05 15:03 - 00000000 ____D C:\Users\user\AppData\Local\Ankama
2017-01-05 10:47 - 2017-01-05 11:05 - 00000000 ____D C:\Program Files\Pirate King Online
2017-01-05 00:18 - 2017-01-05 00:18 - 00000961 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-05 00:18 - 2017-01-05 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-05 00:17 - 2017-01-05 00:18 - 00000000 ____D C:\Program Files\CCleaner
2017-01-02 20:24 - 2017-01-07 16:36 - 00001819 _____ C:\Users\user\Desktop\MPC-HC.lnk
2017-01-02 20:24 - 2017-01-07 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2017-01-02 20:24 - 2017-01-07 16:36 - 00000000 ____D C:\Program Files\MPC-HC
2017-01-02 17:29 - 2017-01-05 00:20 - 00000000 ____D C:\Windows\pss
2016-12-29 16:05 - 2016-12-29 16:05 - 00001007 _____ C:\Users\user\Desktop\anomy.exe - Shortcut.lnk
2016-12-29 16:05 - 2016-12-29 16:05 - 00000000 ____D C:\Program Files\Anomy
2016-12-29 14:29 - 2016-12-29 14:29 - 00000000 ____D C:\Users\user\AppData\Local\UnrealEngine
2016-12-29 14:29 - 2016-12-29 14:29 - 00000000 ____D C:\Users\user\AppData\Local\Kalyskah_RPG
2016-12-29 14:21 - 2015-06-07 06:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-12-29 14:21 - 2015-06-07 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rfbddh.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rex.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rckntimj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rbw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rbou.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rbc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qzegqoobxiy.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qxbus.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qwdspx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qvt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\quqsl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qttwzyei.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qswzofzltsi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qsopsnklrnj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qrpcq.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qqqt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qqqewpfdl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qqmnchoguw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qpghwlpi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qogqdj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qnretzig.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qncintxhpbv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qmlr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qldlx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qjhrojfdm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qhyfrlwcpck
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qheefqe.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qebywplco
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qcyfwezkrw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qcw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbvhrrhf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbqeurlah
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbdvroefxtf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qayekwvmsh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pwlwjlqf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pwalonerzam
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pwa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pvsbacopgo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\puxozpwjj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ptuhkoey
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ptfcgaof.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ptcwmepfq.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\psxulyb.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\psuezqksw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pqognjycvt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pqjjgvrcrr.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ppmurgqnqi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pplmagu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pjtdqi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pjjipw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\phcioojd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pgsh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pgmxllhrgl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pffkxpns
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pepxq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pefaimbebk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pedcjlq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pdqrcouep
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pctk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pcpmvigyknw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pcnbisr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pclkwlz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pbzcnzjjax
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pathdekgnl.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oylo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oybbndhpat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oxxpcqneqfk.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oxsta
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ousspnt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ourtunrnnc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\otvbczqzr.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\otorwgb.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\otngpkqlgc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oqljnan
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oqipw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\opnaypiuh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\opn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oofzxmm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oofsbkfk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oocihv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ooaomuyhvz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\onuhfaqdr.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\omgkwcqmzh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olwz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olvkvxg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olhitsu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olhdsirhbjm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olcfhmx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\okbzdweogsf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ojlw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oicryjbsxhd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ohfmfxmgnvd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ogn.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ogknbwh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\odpeuveeirg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\odklrkid
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\odieozehykz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ocduhsoaeky.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\obfbsckxiuv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nysjggwyrz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nybrohbe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nvolurg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nvdkhnrqwn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ntpp.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nreadmitf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nqxtrw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\npx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\npuailglpt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\noyqt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nnzey
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nlzvfpgxhuw.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\netcd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ndpxrjvfik.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\narceunvfsr.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mzquaye
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mxdvmytw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mwzhlh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mwuwz.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mvxgdkyrjxt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mvhxlyyr.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mvfhxic
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\msbwl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mrprxeehpe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mpvauzxwdz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mpuqpwyjjoe.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mpr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mlfml.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mkyszmt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\minowwpnhw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mimsxzkfsba
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mhymnl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mhefcltipun.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mftkul
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mfpfkyzrxe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mflohpswrxl.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mcrrrdylbyb.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mbufohzbd.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mbpbf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mbcuyqp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\maynwlp.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lzjqvgauzfs
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lxjydaq.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lwohwwxa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lwcnbd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lvzw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lvjfqnrfy.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ltm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ltcbbxm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lrwldsbcq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lrotxpqhol
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lqya.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lqpksm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lptdlhqltgj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lnuzijew
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lnm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lmti
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lmkwvtfa.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lljl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lklnirnii
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\litvwn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\liif.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lhlcj.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lffhqjpt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lfdwrke
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lex.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lervczxc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lepkgvz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ldypa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ldna.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lbial
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kza
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kykkyyjuomq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kxfziwiehxe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ktkvvqws.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kppamcnflm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kokjkgnayl.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\knkpjcuzkb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\knk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kmgbr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kkxlvn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kkrk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kjvzwobzke.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kjvgkvsar
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kjj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\khzpcmbe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kgqeevfnt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kfzlj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kfkegdfzsmf.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kffzqte
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kdi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kcd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kblu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kagoeryt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kaddzumq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jxvemnjznu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jxqxva.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jvpytddxshm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jvanbm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\junn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jtdznq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jsslx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jsgzsb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jscxtijpp.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jresfclof
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jmpx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jkne
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jhvyfmljeob
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jfuwpyqkkiu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jfilvhux
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jes
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jeoc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jecbuzopv.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jdlshte
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jclas
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jazdltqdat.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\iyao
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ixrmyzmuf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ivz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\iuzsgndntd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\itshnv.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ithugwck.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\isnvgwxvzx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ipldozicq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ipdnxhip
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\iooy
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\iobspad
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\imisiwl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ilppyukvb.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ikvd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ikugogpknz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ikitzfwrlzd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ihxkhtew
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\igy
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\igwyc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ifwyys
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ifvbafbi.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ifhfyantlzc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ifh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\iecx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\idzfxu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\iduxw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ict.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ibqvywo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\iarssnndg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hzooveshuhi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hznd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hxpuo.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hxokmtz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hwsfdvw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hvbzrysf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hulemjbpzih.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\huiqk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\htzs.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\htubwk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\htmhmor
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hsxps
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hrqwp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hrfumedgw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hqwxnfwmq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hqofa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hoboh.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hmzimwaq.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hiushfclfla.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\higwf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hhxjfatux.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hgu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hgdxppghmnp.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hfbtzuzg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hfaptb.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hbqnkzjqm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\hbduxvmv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gzswrdxw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gxveh.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gxiglgpq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gwyphivwam
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gwegf.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gwcogj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gvsgjc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gtkrjpla
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gsztiwpu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gswxesatox.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gswssvrjl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gqr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gksspjwk.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gjrxn.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gityrsbrb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\giemuzl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ghgeryzg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ghdvcccqxcv.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ggjxmqh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gfgr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gecrm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gdsbvd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gck
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gcgii.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gbx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\gazeenlg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ganwg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fzzu.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fyvyvw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fxwpiwys
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fxhn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fsopbrrnag
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fsjfcnvfjr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\frznpwqgbxt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fqat.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fonbotjzdzr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fnyj.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fnxe.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fnwncbqssp.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fmlgoxxnn.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fkuuzbgv.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fjpkjgod
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fhsongrcc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fhg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fhagevihj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\fcibhhrxsu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ezafudvoiyt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\evpk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\eswjlbv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\erauoi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\eqartqwjeg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\epvvbcvej
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\epuzw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\eng
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\eiwxqfsa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ehe.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\egskehx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\egeegu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\efwxeovrva
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\eesejbzog.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\eebifxejokv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\edsljcdivuy.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\edovnmlhmu.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ecqooiby
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ebwmf
2016-12-22 22:56 - 2016-10-26 16:29 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-12-22 22:52 - 2017-01-18 02:04 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2016-12-22 22:52 - 2017-01-18 01:52 - 00000000 ____D C:\Users\user\Downloads\Programs
2016-12-22 22:52 - 2017-01-18 00:50 - 00000000 ____D C:\Users\user\Downloads\Video
2016-12-22 22:52 - 2017-01-16 12:02 - 00000000 ____D C:\Users\user\Downloads\Music
2016-12-22 22:52 - 2017-01-16 10:12 - 00000000 ____D C:\Users\user\Downloads\Compressed
2016-12-22 22:52 - 2017-01-13 14:35 - 00000000 ____D C:\Users\user\AppData\Roaming\IDM
2016-12-22 22:52 - 2016-12-22 22:52 - 00000000 ____D C:\Users\user\Downloads\Documents
2016-12-22 22:52 - 2016-12-22 22:52 - 00000000 ____D C:\ProgramData\IDM
2016-12-22 22:51 - 2017-01-11 15:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-22 22:51 - 2017-01-09 15:24 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-22 22:51 - 2017-01-09 15:24 - 00001101 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-22 22:51 - 2016-12-22 22:52 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-12-22 22:51 - 2016-12-22 22:51 - 00000975 _____ C:\Users\user\Desktop\Internet Download Manager.lnk
2016-12-22 22:51 - 2016-12-22 22:51 - 00000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2016-12-22 22:51 - 2016-12-22 22:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-12-22 22:51 - 2016-12-22 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-12-22 22:44 - 2016-12-28 00:00 - 00000000 ___SD C:\Users\user\AppData\LocalLow\Microsoft
2016-12-22 22:42 - 2016-12-22 22:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-12-22 22:36 - 2016-12-22 22:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-22 22:34 - 2016-12-22 22:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-22 22:34 - 2016-12-22 22:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-22 22:31 - 2017-01-13 14:38 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-12-22 22:31 - 2016-12-28 00:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2016-12-22 22:31 - 2016-12-22 22:33 - 00001996 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2016-12-22 22:31 - 2016-12-22 22:31 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-12-22 22:31 - 2016-12-22 22:31 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-12-22 22:31 - 2016-12-22 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2016-12-22 22:29 - 2016-12-22 22:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-22 22:29 - 2016-12-22 22:30 - 00000000 ____D C:\ProgramData\Adobe
2016-12-22 22:29 - 2016-12-22 22:29 - 00000000 ____D C:\Program Files\Adobe
2016-12-22 22:25 - 2016-12-22 22:25 - 00000000 ____D C:\Drivers
2016-12-22 22:25 - 2010-08-21 13:32 - 14092904 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 10350120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-22 22:25 - 2010-08-21 13:32 - 10267240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 04554856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 02893928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 02506856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 01627240 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00795104 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe
2016-12-22 22:25 - 2010-08-21 13:32 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1925.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00056936 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-12-22 22:25 - 2010-08-21 13:32 - 00010920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2016-12-22 22:25 - 2010-08-21 13:32 - 00008624 _____ C:\Windows\system32\nvinfo.pb
2016-12-22 22:23 - 2016-12-22 22:24 - 00000000 ____D C:\Program Files\Winamp
2016-12-22 22:23 - 2016-12-22 22:23 - 00000933 _____ C:\Users\user\Desktop\Winamp.lnk
2016-12-22 22:23 - 2016-12-22 22:23 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
2016-12-22 22:23 - 2016-12-22 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-12-22 22:23 - 2005-09-15 02:17 - 00462848 ____N (Sonic Solutions) C:\Windows\system32\px.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00319488 ____N (Sonic Solutions) C:\Windows\system32\pxdrv.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00286720 ____N (Sonic Solutions) C:\Windows\system32\pxwave.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00143360 ____N (Sonic Solutions) C:\Windows\system32\pxmas.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00053248 ____N C:\Windows\system32\pxhpinst.exe
2016-12-22 22:23 - 2005-09-15 02:17 - 00028672 ____N (Sonic Solutions) C:\Windows\system32\vxblock.dll
2016-12-22 22:23 - 2005-09-15 02:17 - 00020016 ____N (Sonic Solutions) C:\Windows\system32\Drivers\pxhelp20.sys
2016-12-22 22:22 - 2016-12-22 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-12-22 22:22 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2016-12-22 22:21 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Works
2016-12-22 22:21 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2016-12-22 22:21 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-12-22 22:20 - 2017-01-06 21:24 - 00000000 ____D C:\Program Files\Microsoft.NET
2016-12-22 22:20 - 2016-12-22 22:20 - 00000000 ____D C:\Windows\PCHEALTH
2016-12-22 22:19 - 2017-01-12 14:33 - 00000000 __SHD C:\Windows\Installer
2016-12-22 22:19 - 2016-12-22 22:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-22 22:19 - 2016-12-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-22 22:19 - 2016-12-22 22:19 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2016-12-22 22:19 - 2016-12-22 22:19 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2016-12-22 22:18 - 2016-12-22 22:18 - 00000000 ___RD C:\MSOCache
2016-12-22 22:17 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-12-22 22:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-12-22 22:17 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-12-22 22:17 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-12-22 22:17 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-12-22 22:17 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-12-22 22:17 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-12-22 22:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-12-22 22:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-12-22 22:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-12-22 22:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-12-22 22:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-12-22 22:16 - 2010-03-15 17:31 - 00165376 _____ C:\Windows\system32\unrar.dll
2016-12-22 22:15 - 2017-01-05 00:19 - 00000000 ____D C:\Windows\Minidump
2016-12-22 22:14 - 2016-12-22 22:16 - 00002317 _____ C:\Users\user\Desktop\Google Chrome.lnk
2016-12-22 22:14 - 2016-12-22 22:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-12-22 22:14 - 2016-12-22 22:14 - 00000000 ____D C:\Users\user\AppData\Local\Google
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\ProgramData\Mozilla
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-22 22:13 - 2016-12-22 22:13 - 00000000 ____D C:\Program Files\WinRAR
2016-12-22 21:56 - 2017-01-17 04:18 - 03239469 ____H C:\Users\user\AppData\Local\IconCache.db
2016-12-22 21:55 - 2016-12-22 21:55 - 00004848 _____ C:\Windows\EasyDrv5_20161222_215455.ed5log
2016-12-22 21:55 - 2013-03-04 14:35 - 00643656 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2016-12-22 21:55 - 2013-03-04 14:35 - 00101448 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2016-12-22 21:55 - 2013-03-04 14:35 - 00085064 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2016-12-22 21:55 - 2010-01-06 13:13 - 00506368 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2016-12-22 21:55 - 2009-05-13 18:11 - 00006504 _____ () C:\Windows\system32\Drivers\ASACPI.sys
2016-12-22 21:50 - 2016-12-22 21:50 - 00001409 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-22 21:47 - 2017-01-12 15:00 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-22 21:47 - 2017-01-02 10:47 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2016-12-22 21:47 - 2016-12-22 21:50 - 00000402 ___SH C:\Users\user\Documents\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000338 ___SH C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000282 ___SH C:\Users\user\Downloads\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000282 ___SH C:\Users\user\Desktop\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000174 ___SH C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Searches
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Contacts
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-22 21:47 - 2016-12-22 21:50 - 00000000 ____D C:\Users\user\AppData\Roaming\Identities
2016-12-22 21:46 - 2017-01-18 02:09 - 02359296 ___SH C:\Users\user\NTUSER.DAT
2016-12-22 21:46 - 2017-01-18 02:09 - 00262144 ___SH C:\Users\user\ntuser.dat.LOG1
2016-12-22 21:46 - 2017-01-18 02:09 - 00000000 ____D C:\Users\user\AppData\Local\Temp
2016-12-22 21:46 - 2017-01-18 01:56 - 00000000 ___RD C:\Users\user\Desktop
2016-12-22 21:46 - 2017-01-18 01:55 - 00000000 ____D C:\Users\user\AppData\Roaming
2016-12-22 21:46 - 2017-01-18 00:41 - 00000000 ___RD C:\Users\user\Downloads
2016-12-22 21:46 - 2017-01-17 17:26 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-22 21:46 - 2017-01-16 09:43 - 00000000 ____D C:\Users\user\AppData\LocalLow
2016-12-22 21:46 - 2017-01-12 14:33 - 00000000 ___SD C:\Users\user\AppData\Roaming\Microsoft
2016-12-22 21:46 - 2017-01-10 12:09 - 00000000 ____D C:\Users\user
2016-12-22 21:46 - 2017-01-08 01:41 - 00000000 ___RD C:\Users\user\Videos
2016-12-22 21:46 - 2017-01-08 01:40 - 00000000 ____D C:\Users\user\AppData\Local
2016-12-22 21:46 - 2017-01-07 01:39 - 00000000 ___HD C:\Users\user\AppData
2016-12-22 21:46 - 2017-01-06 19:11 - 00000000 ___RD C:\Users\user\Documents
2016-12-22 21:46 - 2017-01-02 05:15 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft
2016-12-22 21:46 - 2016-12-28 14:07 - 00000000 ___RD C:\Users\user\Links
2016-12-22 21:46 - 2016-12-24 22:41 - 00000000 ___RD C:\Users\user\Pictures
2016-12-22 21:46 - 2016-12-22 23:04 - 00000000 ___RD C:\Users\user\Music
2016-12-22 21:46 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Saved Games
2016-12-22 21:46 - 2016-12-22 21:50 - 00000000 ___RD C:\Users\user\Favorites
2016-12-22 21:46 - 2016-12-22 21:46 - 00524288 ___SH C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
2016-12-22 21:46 - 2016-12-22 21:46 - 00524288 ___SH C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
2016-12-22 21:46 - 2016-12-22 21:46 - 00065536 ___SH C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
2016-12-22 21:46 - 2016-12-22 21:46 - 00000020 ___SH C:\Users\user\ntuser.ini
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Templates
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Start Menu
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\SendTo
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Recent
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\PrintHood
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\NetHood
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\My Documents
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Local Settings
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Documents\My Videos
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Documents\My Pictures
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Documents\My Music
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Cookies
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\Application Data
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\AppData\Local\Temporary Internet Files
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\AppData\Local\History
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 _SHDL C:\Users\user\AppData\Local\Application Data
2016-12-22 21:46 - 2016-12-22 21:46 - 00000000 ___SH C:\Users\user\ntuser.dat.LOG2
2016-12-22 21:46 - 2011-04-12 09:24 - 00000000 ____D C:\Users\user\AppData\Roaming\Media Center Programs
2016-12-22 21:46 - 2009-07-14 11:42 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-22 21:46 - 2009-07-14 11:37 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 02:04 - 2009-07-14 09:04 - 00000250 _____ C:\Windows\system.ini
2017-01-18 01:23 - 2009-07-14 11:34 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-18 01:23 - 2009-07-14 11:34 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-17 17:26 - 2010-11-21 04:01 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 17:26 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2017-01-17 17:21 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-10 11:58 - 2009-07-14 09:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-07 16:38 - 2009-07-14 09:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-07 12:33 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\ModemLogs
2016-12-29 12:53 - 2009-07-14 11:33 - 00412520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-29 07:06 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public\Documents
2016-12-28 16:46 - 2009-07-14 09:37 - 00000000 __RSD C:\Windows\Fonts
2016-12-25 07:44 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\wdi
2016-12-25 07:10 - 2009-07-14 09:37 - 00000000 ____D C:\PerfLogs
2016-12-25 07:09 - 2009-07-14 09:37 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-24 18:52 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-23 13:59 - 2009-07-14 09:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-23 12:43 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\oobe
2016-12-23 12:42 - 2009-07-14 11:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-23 12:42 - 2009-07-14 11:46 - 00122093 _____ C:\Windows\system32\license.rtf
2016-12-23 12:42 - 2009-07-14 11:41 - 00001130 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-23 12:41 - 2009-07-14 09:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-23 12:41 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\sysprep
2016-12-23 12:41 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\config\TxR
2016-12-23 12:39 - 2011-04-12 09:24 - 00000000 ____D C:\Windows\CSC
2016-12-23 12:36 - 2009-07-14 11:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2016-12-23 12:36 - 2009-07-14 11:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-12-23 12:36 - 2009-07-14 11:34 - 00000000 ____D C:\Windows\Setup
2016-12-23 12:36 - 2009-07-14 09:03 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-22 22:42 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\Drivers\UMDF
2016-12-22 22:35 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Help
2016-12-22 22:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-22 22:21 - 2011-04-12 09:24 - 00000000 ____D C:\Windows\ShellNew
2016-12-22 22:21 - 2009-07-14 11:52 - 00000000 ____D C:\Program Files\MSBuild
2016-12-22 22:19 - 2009-07-14 09:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-22 22:19 - 2009-07-14 09:04 - 00000478 _____ C:\Windows\win.ini
2016-12-22 22:16 - 2009-07-14 11:52 - 00000000 ____D C:\Windows\system32\restore
2016-12-22 22:14 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-22 22:13 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\CodeIntegrity
2016-12-22 21:46 - 2009-07-14 09:37 - 00000000 ___RD C:\Users
2016-12-22 21:45 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2017-01-05 14:47 - 2017-01-05 14:47 - 0000113 _____ () C:\Users\user\AppData\Roaming\D2Info0
2017-01-05 14:47 - 2017-01-05 15:00 - 0000008 _____ () C:\Users\user\AppData\Roaming\DofusAppId0_1
2017-01-05 14:47 - 2017-01-05 14:47 - 0000008 _____ () C:\Users\user\AppData\Roaming\DofusAppId0_2

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 18:51

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2017
Ran by user (18-01-2017 02:09:33)
Running from C:\Users\user\Downloads\Programs
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-12-22 14:46:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3393853819-73074403-155253753-500 - Administrator - Disabled)
Guest (S-1-5-21-3393853819-73074403-155253753-501 - Limited - Disabled)
user (S-1-5-21-3393853819-73074403-155253753-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Andromax M2Y (HKLM\...\Andromax M2Y_is1) (Version:  - )
Anomy 1.0 (HKLM\...\{9958A4D2-0E84-4179-99F8-090051E6A92D}_is1) (Version:  - JustCme)
BitTorrent (HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\BitTorrent) (Version: 7.9.9.43086 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.6 (HKLM\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Closers Online (HKLM\...\{8A10F149-9DC8-4C90-A1DE-129DCE599378}) (Version: 1.171.0 - Megaxus)
Google Chrome (HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Google Chrome) (Version: 27.0.1453.94 - Google Inc.)
HF pAppLoc version 1.2 (HKLM\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.2 - Inquisitor)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5947 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
orgame 0.975.040 (HKLM\...\{F8B5C340-2A84-4895-80E2-941ACE20284A}_is1) (Version: 0.975.040 - Gsoft)
piaip AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
RPG Maker VX Ace (HKLM\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SMADAV version 11.0 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.0 - Smadsoft)
UE4 Prerequisites (x86) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Virus Effect Remover© (HKLM\...\Virus Effect Remover - Version 3.2.2.26_20100312_is1) (Version: 3.2.2.26 - Virus Secure Lab®)
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3393853819-73074403-155253753-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.94\delegate_execute.exe (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {52A27BEA-3AD2-434B-8779-3D19C0792997} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2017-01-15] (Smadsoft)
Task: {68FB0C1D-40F4-4135-8F91-2CE3E5B376CD} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
Task: {BB540C19-7A3A-43EC-A386-F9AEA84F263F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {E0BDA045-3DE4-4A88-9A4F-B70DBE943446} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-01 02:43 - 2016-11-01 02:43 - 00564736 _____ () C:\Users\user\AppData\Local\MEGAsync\ShellExtX32.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 00015964 _____ () D:\X\Ranked Gaming Client\rgcp\mingwm10.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 00043008 _____ () D:\X\Ranked Gaming Client\rgcp\libgcc_s_dw2-1.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 02415104 _____ () D:\X\Ranked Gaming Client\rgcp\QtCore4.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 09515520 _____ () D:\X\Ranked Gaming Client\rgcp\QtGui4.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 01148416 _____ () D:\X\Ranked Gaming Client\rgcp\QtNetwork4.dll
2017-01-02 20:24 - 2015-11-14 18:18 - 00251632 _____ () C:\Program Files\MPC-HC\LAVFilters\libbluray.dll
2016-12-22 22:13 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 00107520 _____ () D:\X\Ranked Gaming Client\zlib1.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 00119822 _____ () D:\X\Ranked Gaming Client\libgcc_s_dw2-1.dll
2016-12-22 22:56 - 2016-02-14 06:17 - 01026062 _____ () D:\X\Ranked Gaming Client\libstdc++-6.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2017-01-18 02:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3393853819-73074403-155253753-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: npggsvc => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinampAgent => C:\Program Files\Winamp\winampa.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{35E471BD-C890-4F88-86DA-3C8DA485AC16}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{ED095F4A-2B36-40A5-89B7-A23E4B1D4A53}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1AF0AB8B-C5AA-49DD-886B-2D2E7C12BB09}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F09BCE28-C601-4F38-B44E-10B210544758}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7E5EB71B-170A-4163-9CF0-A50782632695}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{5AD562F3-81D8-417B-90A0-C5DC77EF2897}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{B2C5EBA9-E180-4938-87CF-7D5D236A6F66}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{501DD51B-E6F3-4A1A-8C39-30AB489FB699}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DEAC7C48-CF55-4AAD-A54A-EBE9332FA8F1}] => C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{873CF0D9-510A-4274-84E3-04045DC2C985}] => C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{6FCDD4C0-F60E-41B9-BC1C-7ACF050B5C3F}D:\x\ranked gaming client\rgcp\rgcp.exe] => D:\x\ranked gaming client\rgcp\rgcp.exe
FirewallRules: [UDP Query User{062E0715-9073-4852-9C1D-9BEAFA8D8DF5}D:\x\ranked gaming client\rgcp\rgcp.exe] => D:\x\ranked gaming client\rgcp\rgcp.exe
FirewallRules: [TCP Query User{1DA7D6B4-C80D-4BFF-B5BD-34736C282C7B}D:\x\ranked gaming client\rgcp\patcher\patcher.exe] => D:\x\ranked gaming client\rgcp\patcher\patcher.exe
FirewallRules: [UDP Query User{1DB7B735-EBC0-49FF-A5BB-E46110B81EE9}D:\x\ranked gaming client\rgcp\patcher\patcher.exe] => D:\x\ranked gaming client\rgcp\patcher\patcher.exe
FirewallRules: [TCP Query User{C72FF95A-FD48-4417-847A-5EE0B34841DD}C:\program files\internet download manager\iemonitor.exe] => C:\program files\internet download manager\iemonitor.exe
FirewallRules: [UDP Query User{C2463A32-E93D-4FB8-AB82-E3C27F6F023E}C:\program files\internet download manager\iemonitor.exe] => C:\program files\internet download manager\iemonitor.exe
FirewallRules: [TCP Query User{D88CC3A3-40B5-4070-A723-171A06832285}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [UDP Query User{5AF7AC17-7847-4AB1-9CDF-AE8D2FEAF4C9}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [TCP Query User{15666C00-437C-4609-94D8-B030EA4DDDFF}C:\windows\system32\dwm.exe] => C:\windows\system32\dwm.exe
FirewallRules: [UDP Query User{130C75F7-CE55-46E7-899C-F1E1F0C185B9}C:\windows\system32\dwm.exe] => C:\windows\system32\dwm.exe
FirewallRules: [TCP Query User{381F19D8-8AF6-4EDD-B1AD-A9CBCE760170}C:\warcraft iii\war3.exe] => C:\warcraft iii\war3.exe
FirewallRules: [UDP Query User{72CC0384-FF4A-4D4A-A891-B1E457A54325}C:\warcraft iii\war3.exe] => C:\warcraft iii\war3.exe
FirewallRules: [{64140BBA-3208-4E92-BE86-DA78C479C0CC}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E5C4EF71-56C8-448E-9ACA-3E07F1B7781E}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D2BB4152-E8D1-4897-BE69-825DA48C5452}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ABD9BFC1-93A7-4ADC-8C8A-D9558AAF97C7}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8784C8E5-2190-4246-8708-DDBF7C1D745A}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A7F55B35-3B48-4F4A-ACF2-ECC7D1C2BF14}] => C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{D1E9FCBE-B32E-4CE2-8567-BF1F0AB65633}C:\users\user\appdata\local\megasync\megasync.exe] => C:\users\user\appdata\local\megasync\megasync.exe
FirewallRules: [UDP Query User{0F04AC41-FDBD-45DF-BBF3-0D8BC775A62C}C:\users\user\appdata\local\megasync\megasync.exe] => C:\users\user\appdata\local\megasync\megasync.exe
FirewallRules: [{F84B9F58-8F32-4E63-A09A-D14615C9470E}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{5D64568D-553C-4508-B0AF-D162D6528F6F}C:\program files\internet download manager\idman.exe] => C:\program files\internet download manager\idman.exe
FirewallRules: [UDP Query User{A161EADC-AF19-4345-94AE-CAFE871113E6}C:\program files\internet download manager\idman.exe] => C:\program files\internet download manager\idman.exe
FirewallRules: [TCP Query User{ACB517E8-1E5C-4726-84F9-C5BDED8A7878}C:\program files\mpc-hc\mpc-hc.exe] => C:\program files\mpc-hc\mpc-hc.exe
FirewallRules: [UDP Query User{7061FD38-FC25-4206-A281-3BF23CE05083}C:\program files\mpc-hc\mpc-hc.exe] => C:\program files\mpc-hc\mpc-hc.exe
FirewallRules: [TCP Query User{3C6A2A03-96D2-4865-90F2-ED6EF908E5DC}C:\windows\system32\taskhost.exe] => C:\windows\system32\taskhost.exe
FirewallRules: [UDP Query User{E5CBDF13-E852-426A-80B8-18C0CF149595}C:\windows\system32\taskhost.exe] => C:\windows\system32\taskhost.exe
FirewallRules: [TCP Query User{E476B7C1-C6D1-4EAB-BB9D-D40B2D0B044E}C:\program files\smadav\smadavprotect32.exe] => C:\program files\smadav\smadavprotect32.exe
FirewallRules: [UDP Query User{0366F623-DB7A-4267-819E-72038E0AB227}C:\program files\smadav\smadavprotect32.exe] => C:\program files\smadav\smadavprotect32.exe
FirewallRules: [TCP Query User{0944DA1B-B585-44D3-9180-11C4DEB31E84}C:\program files\orgame\client.exe] => C:\program files\orgame\client.exe
FirewallRules: [UDP Query User{F28D94C6-9C88-4947-9711-0D37CE1E595F}C:\program files\orgame\client.exe] => C:\program files\orgame\client.exe
FirewallRules: [TCP Query User{8026CC60-D78D-4A6A-B2C6-C304D731FD07}C:\windows\system32\ping.exe] => C:\windows\system32\ping.exe
FirewallRules: [UDP Query User{17D06F96-0496-466C-B788-7B68CA12217E}C:\windows\system32\ping.exe] => C:\windows\system32\ping.exe
FirewallRules: [TCP Query User{17B598B9-AF0C-429C-9A9D-16C892169246}C:\windows\system32\taskeng.exe] => C:\windows\system32\taskeng.exe
FirewallRules: [UDP Query User{008EAAFB-8DE3-43F3-A252-E9C19CB0D2B5}C:\windows\system32\taskeng.exe] => C:\windows\system32\taskeng.exe
FirewallRules: [TCP Query User{4C8C6C50-E47E-4F21-A0CD-7CE6EF0D2EFE}C:\warcraft iii\warkey 6.2\warkey.exe] => C:\warcraft iii\warkey 6.2\warkey.exe
FirewallRules: [UDP Query User{12C0DCE6-E027-4D58-9F23-FDC8EE6F4B0C}C:\warcraft iii\warkey 6.2\warkey.exe] => C:\warcraft iii\warkey 6.2\warkey.exe
FirewallRules: [TCP Query User{1A4560B7-08A4-4D3E-A8DE-5860A6290C9E}C:\windows\system32\conhost.exe] => C:\windows\system32\conhost.exe
FirewallRules: [UDP Query User{7FF2183A-539A-48B3-A37D-F376FA49117B}C:\windows\system32\conhost.exe] => C:\windows\system32\conhost.exe
FirewallRules: [{70F3C5EA-E792-43E9-AB12-07EAA0EC1564}] => C:\Megaxus\Closers Online\CW.EXE
FirewallRules: [{4E8AF611-DCA5-47CF-AE75-8814F02F1F59}] => C:\Megaxus\Closers Online\LAUNCHER.EXE
FirewallRules: [{145E14E0-5D47-469E-A002-ABF8A5CBA769}] => C:\Megaxus\Closers Online\CLOSERS.EXE
FirewallRules: [TCP Query User{5276D183-F889-4E7A-8ABC-CEF93E0E902D}D:\x\ranked gaming client\rgc.exe] => D:\x\ranked gaming client\rgc.exe
FirewallRules: [UDP Query User{5E6DFE6A-75E9-4796-9282-D8FDD908EA9E}D:\x\ranked gaming client\rgc.exe] => D:\x\ranked gaming client\rgc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Smadav\SmadavProtect32.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Warcraft III\Warkey 6.2\WarKey.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [D:\X\Ranked Gaming Client\rgc.exe] => Enabled:ipsec

==================== Restore Points =========================

13-01-2017 13:27:45 Windows Update
13-01-2017 14:38:44 Windows Update
18-01-2017 01:54:29 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2017 05:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2017 03:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2017 07:58:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2017 01:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/14/2017 05:27:18 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Broker for reading of IDM settings because of this error.

Program: Broker for reading of IDM settings
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (01/14/2017 05:27:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: idmBroker.exe, version: 6.22.1.1, time stamp: 0x582ee0c2
Faulting module name: idmBroker.exe, version: 6.22.1.1, time stamp: 0x582ee0c2
Exception code: 0xc0000096
Fault offset: 0x0000881d
Faulting process id: 0x4b4
Faulting application start time: 0x01d26e50c6cabb9f
Faulting application path: C:\Program Files\Internet Download Manager\idmBroker.exe
Faulting module path: C:\Program Files\Internet Download Manager\idmBroker.exe
Report Id: 05e23120-da44-11e6-be65-066ec3dcf196

Error: (01/14/2017 03:04:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/13/2017 03:29:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/13/2017 01:25:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/12/2017 03:29:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dbc

Start Time: 01d26ca4bdb38fca

Termination Time: 3806

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 2d60bf03-d8a1-11e6-82e8-be1dd9192cc8


System errors:
=============
Error: (01/18/2017 02:03:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/18/2017 02:00:05 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/18/2017 01:55:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/18/2017 01:55:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CDROM_Eject_Smart service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2017 05:21:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/17/2017 05:21:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/17/2017 05:21:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:18:45 PM on ‎1/‎17/‎2017 was unexpected.

Error: (01/17/2017 02:59:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/17/2017 02:58:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/16/2017 07:57:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 57%
Total physical RAM: 2047.18 MB
Available physical RAM: 871.59 MB
Total Virtual: 4094.36 MB
Available Virtual: 2662.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:10.82 GB) NTFS
Drive d: (DATA) (Fixed) (Total:70.92 GB) (Free:18.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E0E19306)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 Starbuck


Posted 17 January 2017 - 05:13 PM

Hi DPRK

The type of infection that you had may well have compromised your security.
It is known that these types of malware are capable of stealing passwords etc.
I recommend that you change all passwords for anything that you perform on this system.

Step 1

I recommend that you uninstall the following program:
Virus Effect Remover

It hasn't been updated for ages and so it's very out of date.
It basically isn't doing anything.

SMADAV version 11.0
Not the best AV around ... plus it's meant to be used as an additional program.... not the main one.
I can't understand why you install this program but then try stopping it from running:

MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files\Smadav\SMΔRTP.exe rts



Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\user\Downloads\Programs.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Downloads\Programs folder (Fixlog.txt). Please post this in your next reply.


Step 3
Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish
  • When the program opens..... click Scan
  • Click Start Scan
  • Double check anything found and tick to select items to be removed
  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.

In your next reply, please submit:
Fixlog.txt
and the RogueKiller report.


Thanks.



#7 DPRK


Posted 17 January 2017 - 10:09 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-01-2017
Ran by user (18-01-2017 09:35:51) Run:1
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\Explorer: [NoUpdateCheck] 0
GroupPolicy\User: Restriction ? <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3393853819-73074403-155253753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://123.itiankong.com/?2
S2 CDROM_Eject_Smart; C:\Program Files\Andromax M2Y\FI_Eject.exe [2186240 2015-05-15] () [File not signed]
S2 MBAMScheduler; "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
R3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
2017-01-07 19:37 - 2017-01-07 19:37 - 00000000 ____D C:\Program Files\Andromax M2Y
2016-12-25 10:32 - 2017-01-07 19:37 - 00001009 _____ C:\Users\Public\Desktop\Andromax M2Y.lnk
2016-12-25 10:32 - 2017-01-07 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andromax M2Y
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wqnbogohpa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wpushbesv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wpa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wooq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wnzrlwgymia
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wnwpuad
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wnwis
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmsxmgb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmcwjfwebcg.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmcbsqz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wmaeoulj.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wltgfaapaxg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wlagsxpfnjc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wkaig
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wjjkwjxof.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wjd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wio
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\winwis
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wgjy
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wgfzxqxc.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wgekhz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wchut
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\wbyqcoru
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vylysjgigsp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vydky
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vxamvnvecd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vwx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vwvpxtf.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vuzy.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vutlo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vtccpjjxhbl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vrt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vrb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vqzkhuu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vpymgh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vlzenqzgwi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vlv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vltbvctcek
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vlhw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vky.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vhuya
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vhgdwwy.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vgkauki
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vexcv.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vekhfmquvd.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vedcfvtun
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\vcwbqe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uykjvcews
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uvhkeoo.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uuknvmo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\usbsjhq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\urupvqobgah
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\urfoeuqrrvx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\upwhfcfpq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\upqsk.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\umckcky
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\umblkiu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ukqsipcp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujurc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujupkolaxz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujmb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ujemlvpjgb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uilhoi.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uhgxcxne.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ugh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\udixx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ubomomrwsdk.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\uaqqwmjt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\txkpazbbtc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tvumtdvg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tviuuwtwvs
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tubh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tttpgilubhz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\trpcwzo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\trjhziwhqax
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tqkrkktdw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tplabizkfi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tparier
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tmksiwyo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tmiduq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tmhmpisgrjb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tjerrruiu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tixbprzs.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tgysztaa.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tgp.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\teatwcjgoq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\tcu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\szanch.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sxngztzr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\swucw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\swrosmstc.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\swmx.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\svh.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\surl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\strlohjio
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sthnpbr.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\srt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\srceeuuzog
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sqrvkkbktxz.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sntlrnm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\slvwlpnaqo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\slfzi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\skjqlknoa.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\skcx.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sjzadmi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sjfso
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sghtkpu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sfxzlgg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sfsz.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sbm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\sao
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rzyxt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rzuc.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rybqxma
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rxlxmq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rwwmb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rwumiig
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rvitifkhda.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ruwy.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rumiqlhw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rtssxvscl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rtsquze.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rrbddpfknf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rquw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rpz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rnixg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rnaxcorvnpm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rmkgnn.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rlxrf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rkdkyehqiv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rjzxhrd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rilkwzwyil.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\riffaw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rifbww.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rhw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rhrrf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rfmfahwb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rfbddh.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rex.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rckntimj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rbw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rbou.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\rbc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qzegqoobxiy.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qxbus.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qwdspx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qvt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\quqsl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qttwzyei.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qswzofzltsi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qsopsnklrnj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qrpcq.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qqqt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qqqewpfdl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qqmnchoguw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qpghwlpi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qogqdj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qnretzig.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qncintxhpbv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qmlr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qldlx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qjhrojfdm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qhyfrlwcpck
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qheefqe.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qebywplco
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qcyfwezkrw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qcw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbvhrrhf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbqeurlah
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qbdvroefxtf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\qayekwvmsh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pwlwjlqf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pwalonerzam
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pwa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pvsbacopgo.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\puxozpwjj.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ptuhkoey
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ptfcgaof.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ptcwmepfq.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\psxulyb.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\psuezqksw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pqognjycvt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pqjjgvrcrr.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ppmurgqnqi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pplmagu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pjtdqi.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pjjipw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\phcioojd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pgsh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pgmxllhrgl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pffkxpns
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pepxq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pefaimbebk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pedcjlq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pdqrcouep
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pctk
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pcpmvigyknw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pcnbisr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pclkwlz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pbzcnzjjax
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\pathdekgnl.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oylo
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oybbndhpat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oxxpcqneqfk.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oxsta
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ousspnt.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ourtunrnnc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\otvbczqzr.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\otorwgb.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\otngpkqlgc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oqljnan
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oqipw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\opnaypiuh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\opn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oofzxmm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oofsbkfk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oocihv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ooaomuyhvz.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\onuhfaqdr.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\omgkwcqmzh
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olwz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olvkvxg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olhitsu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olhdsirhbjm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\olcfhmx.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\okbzdweogsf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ojlw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\oicryjbsxhd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ohfmfxmgnvd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ogn.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ogknbwh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\odpeuveeirg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\odklrkid
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\odieozehykz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ocduhsoaeky.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\obfbsckxiuv
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nysjggwyrz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nybrohbe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nvolurg
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nvdkhnrqwn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ntpp.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nreadmitf
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nqxtrw
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\npx
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\npuailglpt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\noyqt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nnzey
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\nlzvfpgxhuw.xml
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\netcd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ndpxrjvfik.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\narceunvfsr.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mzquaye
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mxdvmytw.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mwzhlh.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mwuwz.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mvxgdkyrjxt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mvhxlyyr.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mvfhxic
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\msbwl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mrprxeehpe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mpvauzxwdz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mpuqpwyjjoe.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mpr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mlfml.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mkyszmt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\minowwpnhw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mimsxzkfsba
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mhymnl.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mhefcltipun.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mftkul
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mfpfkyzrxe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mflohpswrxl.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mcrrrdylbyb.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mbufohzbd.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mbpbf.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\mbcuyqp
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\maynwlp.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lzjqvgauzfs
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lxjydaq.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lwohwwxa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lwcnbd.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lvzw.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lvjfqnrfy.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ltm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ltcbbxm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lrwldsbcq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lrotxpqhol
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lqya.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lqpksm
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lptdlhqltgj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lnuzijew
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lnm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lmti
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lmkwvtfa.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lljl
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lklnirnii
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\litvwn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\liif.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lhlcj.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lffhqjpt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lfdwrke
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lex.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lervczxc
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lepkgvz
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ldypa
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ldna.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\lbial
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kza
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kykkyyjuomq
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kxfziwiehxe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\ktkvvqws.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kppamcnflm.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kokjkgnayl.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\knkpjcuzkb
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\knk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kmgbr
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kkxlvn
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kkrk.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kjvzwobzke.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kjvgkvsar
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kjj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\khzpcmbe
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kgqeevfnt.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kfzlj
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kfkegdfzsmf.dat
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kffzqte
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kdi
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kcd
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kblu.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kagoeryt
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\kaddzumq.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jxvemnjznu
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jxqxva.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jvpytddxshm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\jvanbm.ini
2016-12-22 22:56 - 2016-12-22 22:56 - 00000032 _____ C:\Windows\system32\junn
CMD: ipconfig /flushdns
EmptyTemp:

*****************

Processes closed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFileUrl => value removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoNetHood => value removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFileMenu => value removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskBar => value removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Nosecuritytab => value removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoUpdateCheck => value removed successfully.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\System\CurrentControlSet\Services\CDROM_Eject_Smart => key removed successfully.
CDROM_Eject_Smart => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMScheduler => key removed successfully.
MBAMScheduler => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\XDva535 => key removed successfully.
XDva535 => service removed successfully.
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully.
xhunter1 => service removed successfully.
mbr => service not found.
C:\Program Files\Andromax M2Y => moved successfully
C:\Users\Public\Desktop\Andromax M2Y.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andromax M2Y => moved successfully
C:\Windows\system32\qbqeurlah => moved successfully
C:\Windows\system32\qbdvroefxtf.ini => moved successfully
C:\Windows\system32\qayekwvmsh => moved successfully
C:\Windows\system32\pwlwjlqf => moved successfully
C:\Windows\system32\pwalonerzam => moved successfully
C:\Windows\system32\pwa => moved successfully
C:\Windows\system32\pvsbacopgo.ini => moved successfully
C:\Windows\system32\puxozpwjj.dat => moved successfully
C:\Windows\system32\ptuhkoey => moved successfully
C:\Windows\system32\ptfcgaof.dat => moved successfully
C:\Windows\system32\ptcwmepfq.xml => moved successfully
C:\Windows\system32\psxulyb.ini => moved successfully
C:\Windows\system32\psuezqksw.dat => moved successfully
C:\Windows\system32\pqognjycvt.dat => moved successfully
C:\Windows\system32\pqjjgvrcrr.ini => moved successfully
C:\Windows\system32\ppmurgqnqi => moved successfully
C:\Windows\system32\pplmagu.ini => moved successfully
C:\Windows\system32\pjtdqi.ini => moved successfully
C:\Windows\system32\pjjipw => moved successfully
C:\Windows\system32\phcioojd.ini => moved successfully
C:\Windows\system32\pgsh => moved successfully
C:\Windows\system32\pgmxllhrgl => moved successfully
C:\Windows\system32\pffkxpns => moved successfully
C:\Windows\system32\pepxq => moved successfully
C:\Windows\system32\pefaimbebk.ini => moved successfully
C:\Windows\system32\pedcjlq.ini => moved successfully
C:\Windows\system32\pdqrcouep => moved successfully
C:\Windows\system32\pctk => moved successfully
C:\Windows\system32\pcpmvigyknw.dat => moved successfully
C:\Windows\system32\pcnbisr => moved successfully
C:\Windows\system32\pclkwlz.ini => moved successfully
C:\Windows\system32\pbzcnzjjax => moved successfully
C:\Windows\system32\pathdekgnl.dat => moved successfully
C:\Windows\system32\oylo => moved successfully
C:\Windows\system32\oybbndhpat => moved successfully
C:\Windows\system32\oxxpcqneqfk.dat => moved successfully
C:\Windows\system32\oxsta => moved successfully
C:\Windows\system32\ousspnt.ini => moved successfully
C:\Windows\system32\ourtunrnnc => moved successfully
C:\Windows\system32\otvbczqzr.dat => moved successfully
C:\Windows\system32\otorwgb.ini => moved successfully
C:\Windows\system32\otngpkqlgc => moved successfully
C:\Windows\system32\oqljnan => moved successfully
C:\Windows\system32\oqipw => moved successfully
C:\Windows\system32\opnaypiuh => moved successfully
C:\Windows\system32\opn => moved successfully
C:\Windows\system32\oofzxmm.dat => moved successfully
C:\Windows\system32\oofsbkfk.ini => moved successfully
C:\Windows\system32\oocihv => moved successfully
C:\Windows\system32\ooaomuyhvz.ini => moved successfully
C:\Windows\system32\onuhfaqdr.dat => moved successfully
C:\Windows\system32\omgkwcqmzh => moved successfully
C:\Windows\system32\olwz => moved successfully
C:\Windows\system32\olvkvxg => moved successfully
C:\Windows\system32\olhitsu => moved successfully
C:\Windows\system32\olhdsirhbjm.dat => moved successfully
C:\Windows\system32\olcfhmx.ini => moved successfully
C:\Windows\system32\okbzdweogsf.ini => moved successfully
C:\Windows\system32\ojlw => moved successfully
C:\Windows\system32\oicryjbsxhd.ini => moved successfully
C:\Windows\system32\ohfmfxmgnvd => moved successfully
C:\Windows\system32\ogn.ini => moved successfully
C:\Windows\system32\ogknbwh.ini => moved successfully
C:\Windows\system32\odpeuveeirg => moved successfully
C:\Windows\system32\odklrkid => moved successfully
C:\Windows\system32\odieozehykz => moved successfully
C:\Windows\system32\ocduhsoaeky.ini => moved successfully
C:\Windows\system32\obfbsckxiuv => moved successfully
C:\Windows\system32\nysjggwyrz => moved successfully
C:\Windows\system32\nybrohbe => moved successfully
C:\Windows\system32\nvolurg => moved successfully
C:\Windows\system32\nvdkhnrqwn => moved successfully
C:\Windows\system32\ntpp.ini => moved successfully
C:\Windows\system32\nreadmitf => moved successfully
C:\Windows\system32\nqxtrw => moved successfully
C:\Windows\system32\npx => moved successfully
C:\Windows\system32\npuailglpt.dat => moved successfully
C:\Windows\system32\noyqt => moved successfully
C:\Windows\system32\nnzey => moved successfully
C:\Windows\system32\nlzvfpgxhuw.xml => moved successfully
C:\Windows\system32\netcd.ini => moved successfully
C:\Windows\system32\ndpxrjvfik.dat => moved successfully
C:\Windows\system32\narceunvfsr.ini => moved successfully
C:\Windows\system32\mzquaye => moved successfully
C:\Windows\system32\mxdvmytw.ini => moved successfully
C:\Windows\system32\mwzhlh.ini => moved successfully
C:\Windows\system32\mwuwz.dat => moved successfully
C:\Windows\system32\mvxgdkyrjxt => moved successfully
C:\Windows\system32\mvhxlyyr.dat => moved successfully
C:\Windows\system32\mvfhxic => moved successfully
C:\Windows\system32\msbwl => moved successfully
C:\Windows\system32\mrprxeehpe => moved successfully
C:\Windows\system32\mpvauzxwdz => moved successfully
C:\Windows\system32\mpuqpwyjjoe.ini => moved successfully
C:\Windows\system32\mpr => moved successfully
C:\Windows\system32\mlfml.ini => moved successfully
C:\Windows\system32\mkyszmt => moved successfully
C:\Windows\system32\minowwpnhw.dat => moved successfully
C:\Windows\system32\mimsxzkfsba => moved successfully
C:\Windows\system32\mhymnl.ini => moved successfully
C:\Windows\system32\mhefcltipun.ini => moved successfully
C:\Windows\system32\mftkul => moved successfully
C:\Windows\system32\mfpfkyzrxe => moved successfully
C:\Windows\system32\mflohpswrxl.dat => moved successfully
C:\Windows\system32\mcrrrdylbyb.dat => moved successfully
C:\Windows\system32\mbufohzbd.dat => moved successfully
C:\Windows\system32\mbpbf.ini => moved successfully
C:\Windows\system32\mbcuyqp => moved successfully
C:\Windows\system32\maynwlp.ini => moved successfully
C:\Windows\system32\lzjqvgauzfs => moved successfully
C:\Windows\system32\lxjydaq.dat => moved successfully
C:\Windows\system32\lwohwwxa => moved successfully
C:\Windows\system32\lwcnbd.ini => moved successfully
C:\Windows\system32\lvzw.dat => moved successfully
C:\Windows\system32\lvjfqnrfy.dat => moved successfully
C:\Windows\system32\ltm => moved successfully
C:\Windows\system32\ltcbbxm => moved successfully
C:\Windows\system32\lrwldsbcq => moved successfully
C:\Windows\system32\lrotxpqhol => moved successfully
C:\Windows\system32\lqya.dat => moved successfully
C:\Windows\system32\lqpksm => moved successfully
C:\Windows\system32\lptdlhqltgj => moved successfully
C:\Windows\system32\lnuzijew => moved successfully
C:\Windows\system32\lnm.ini => moved successfully
C:\Windows\system32\lmti => moved successfully
C:\Windows\system32\lmkwvtfa.ini => moved successfully
C:\Windows\system32\lljl => moved successfully
C:\Windows\system32\lklnirnii => moved successfully
C:\Windows\system32\litvwn => moved successfully
C:\Windows\system32\liif.ini => moved successfully
C:\Windows\system32\lhlcj.ini => moved successfully
C:\Windows\system32\lffhqjpt.dat => moved successfully
C:\Windows\system32\lfdwrke => moved successfully
C:\Windows\system32\lex.dat => moved successfully
C:\Windows\system32\lervczxc => moved successfully
C:\Windows\system32\lepkgvz => moved successfully
C:\Windows\system32\ldypa => moved successfully
C:\Windows\system32\ldna.ini => moved successfully
C:\Windows\system32\lbial => moved successfully
C:\Windows\system32\kza => moved successfully
C:\Windows\system32\kykkyyjuomq => moved successfully
C:\Windows\system32\kxfziwiehxe => moved successfully
C:\Windows\system32\ktkvvqws.dat => moved successfully
C:\Windows\system32\kppamcnflm.dat => moved successfully
C:\Windows\system32\kokjkgnayl.dat => moved successfully
C:\Windows\system32\knkpjcuzkb => moved successfully
C:\Windows\system32\knk.ini => moved successfully
C:\Windows\system32\kmgbr => moved successfully
C:\Windows\system32\kkxlvn => moved successfully
C:\Windows\system32\kkrk.ini => moved successfully
C:\Windows\system32\kjvzwobzke.ini => moved successfully
C:\Windows\system32\kjvgkvsar => moved successfully
C:\Windows\system32\kjj => moved successfully
C:\Windows\system32\khzpcmbe => moved successfully
C:\Windows\system32\kgqeevfnt.dat => moved successfully
C:\Windows\system32\kfzlj => moved successfully
C:\Windows\system32\kfkegdfzsmf.dat => moved successfully
C:\Windows\system32\kffzqte => moved successfully
C:\Windows\system32\kdi => moved successfully
C:\Windows\system32\kcd => moved successfully
C:\Windows\system32\kblu.ini => moved successfully
C:\Windows\system32\kagoeryt => moved successfully
C:\Windows\system32\kaddzumq.ini => moved successfully
C:\Windows\system32\jxvemnjznu => moved successfully
C:\Windows\system32\jxqxva.ini => moved successfully
C:\Windows\system32\jvpytddxshm.ini => moved successfully
C:\Windows\system32\jvanbm.ini => moved successfully
C:\Windows\system32\junn => moved successfully
C:\Windows\system32\jtdznq => moved successfully
C:\Windows\system32\jsslx => moved successfully
C:\Windows\system32\jsgzsb => moved successfully
C:\Windows\system32\jscxtijpp.ini => moved successfully
C:\Windows\system32\jresfclof => moved successfully
C:\Windows\system32\jmpx => moved successfully
C:\Windows\system32\jkne => moved successfully
C:\Windows\system32\jhvyfmljeob => moved successfully
C:\Windows\system32\jfuwpyqkkiu => moved successfully
C:\Windows\system32\jfilvhux => moved successfully
C:\Windows\system32\jes => moved successfully
C:\Windows\system32\jeoc => moved successfully
C:\Windows\system32\jecbuzopv.ini => moved successfully
C:\Windows\system32\jdlshte => moved successfully
C:\Windows\system32\jclas => moved successfully
C:\Windows\system32\jazdltqdat.ini => moved successfully
C:\Windows\system32\iyao => moved successfully
C:\Windows\system32\ixrmyzmuf.ini => moved successfully
C:\Windows\system32\ivz.ini => moved successfully
C:\Windows\system32\iuzsgndntd => moved successfully
C:\Windows\system32\itshnv.ini => moved successfully
C:\Windows\system32\ithugwck.dat => moved successfully
C:\Windows\system32\isnvgwxvzx.ini => moved successfully
C:\Windows\system32\ipldozicq => moved successfully
C:\Windows\system32\ipdnxhip => moved successfully
C:\Windows\system32\iooy => moved successfully
C:\Windows\system32\iobspad => moved successfully
C:\Windows\system32\imisiwl.ini => moved successfully
C:\Windows\system32\ilppyukvb.ini => moved successfully
C:\Windows\system32\ikvd.ini => moved successfully
C:\Windows\system32\ikugogpknz => moved successfully
C:\Windows\system32\ikitzfwrlzd => moved successfully
C:\Windows\system32\ihxkhtew => moved successfully
C:\Windows\system32\igy => moved successfully
C:\Windows\system32\igwyc => moved successfully
C:\Windows\system32\ifwyys => moved successfully
C:\Windows\system32\ifvbafbi.dat => moved successfully
C:\Windows\system32\ifhfyantlzc => moved successfully
C:\Windows\system32\ifh => moved successfully
C:\Windows\system32\iecx => moved successfully
C:\Windows\system32\idzfxu => moved successfully
C:\Windows\system32\iduxw.ini => moved successfully
C:\Windows\system32\ict.ini => moved successfully
C:\Windows\system32\ibqvywo.ini => moved successfully
C:\Windows\system32\iarssnndg => moved successfully
C:\Windows\system32\hzooveshuhi => moved successfully
C:\Windows\system32\hznd => moved successfully
C:\Windows\system32\hxpuo.dat => moved successfully
C:\Windows\system32\hxokmtz.ini => moved successfully
C:\Windows\system32\hwsfdvw => moved successfully
C:\Windows\system32\hvbzrysf => moved successfully
C:\Windows\system32\hulemjbpzih.dat => moved successfully
C:\Windows\system32\huiqk => moved successfully
C:\Windows\system32\htzs.dat => moved successfully
C:\Windows\system32\htubwk.ini => moved successfully
C:\Windows\system32\htmhmor => moved successfully
C:\Windows\system32\hsxps => moved successfully
C:\Windows\system32\hrqwp => moved successfully
C:\Windows\system32\hrfumedgw.ini => moved successfully
C:\Windows\system32\hqwxnfwmq.ini => moved successfully
C:\Windows\system32\hqofa => moved successfully
C:\Windows\system32\hoboh.dat => moved successfully
C:\Windows\system32\hmzimwaq.dat => moved successfully
C:\Windows\system32\hiushfclfla.ini => moved successfully
C:\Windows\system32\higwf => moved successfully
C:\Windows\system32\hhxjfatux.dat => moved successfully
C:\Windows\system32\hgu.ini => moved successfully
C:\Windows\system32\hgdxppghmnp.dat => moved successfully
C:\Windows\system32\hfbtzuzg => moved successfully
C:\Windows\system32\hfaptb.dat => moved successfully
C:\Windows\system32\hbqnkzjqm.dat => moved successfully
C:\Windows\system32\hbduxvmv => moved successfully
C:\Windows\system32\gzswrdxw.ini => moved successfully
C:\Windows\system32\gxveh.dat => moved successfully
C:\Windows\system32\gxiglgpq.ini => moved successfully
C:\Windows\system32\gwyphivwam => moved successfully
C:\Windows\system32\gwegf.dat => moved successfully
C:\Windows\system32\gwcogj => moved successfully
C:\Windows\system32\gvsgjc => moved successfully
C:\Windows\system32\gtkrjpla => moved successfully
C:\Windows\system32\gsztiwpu => moved successfully
C:\Windows\system32\gswxesatox.ini => moved successfully
C:\Windows\system32\gswssvrjl => moved successfully
C:\Windows\system32\gqr => moved successfully
C:\Windows\system32\gksspjwk.dat => moved successfully
C:\Windows\system32\gjrxn.dat => moved successfully
C:\Windows\system32\gityrsbrb => moved successfully
C:\Windows\system32\giemuzl.ini => moved successfully
C:\Windows\system32\ghgeryzg => moved successfully
C:\Windows\system32\ghdvcccqxcv.ini => moved successfully
C:\Windows\system32\ggjxmqh.ini => moved successfully
C:\Windows\system32\gfgr => moved successfully
C:\Windows\system32\gecrm.ini => moved successfully
C:\Windows\system32\gdsbvd => moved successfully
C:\Windows\system32\gck => moved successfully
C:\Windows\system32\gcgii.ini => moved successfully
C:\Windows\system32\gbx.ini => moved successfully
C:\Windows\system32\gazeenlg => moved successfully
C:\Windows\system32\ganwg => moved successfully
C:\Windows\system32\fzzu.dat => moved successfully
C:\Windows\system32\fyvyvw.ini => moved successfully
C:\Windows\system32\fxwpiwys => moved successfully
C:\Windows\system32\fxhn => moved successfully
C:\Windows\system32\fsopbrrnag => moved successfully
C:\Windows\system32\fsjfcnvfjr => moved successfully
C:\Windows\system32\frznpwqgbxt => moved successfully
C:\Windows\system32\fqat.dat => moved successfully
C:\Windows\system32\fonbotjzdzr => moved successfully
C:\Windows\system32\fnyj.ini => moved successfully
C:\Windows\system32\fnxe.dat => moved successfully
C:\Windows\system32\fnwncbqssp.xml => moved successfully
C:\Windows\system32\fmlgoxxnn.ini => moved successfully
C:\Windows\system32\fkuuzbgv.dat => moved successfully
C:\Windows\system32\fjpkjgod => moved successfully
C:\Windows\system32\fhsongrcc => moved successfully
C:\Windows\system32\fhg => moved successfully
C:\Windows\system32\fhagevihj.dat => moved successfully
C:\Windows\system32\fcibhhrxsu => moved successfully
C:\Windows\system32\ezafudvoiyt.ini => moved successfully
C:\Windows\system32\evpk => moved successfully
C:\Windows\system32\eswjlbv => moved successfully
C:\Windows\system32\erauoi => moved successfully
C:\Windows\system32\eqartqwjeg => moved successfully
C:\Windows\system32\epvvbcvej => moved successfully
C:\Windows\system32\epuzw.ini => moved successfully
C:\Windows\system32\eng => moved successfully
C:\Windows\system32\eiwxqfsa => moved successfully
C:\Windows\system32\ehe.dat => moved successfully
C:\Windows\system32\egskehx.ini => moved successfully
C:\Windows\system32\egeegu => moved successfully
C:\Windows\system32\efwxeovrva => moved successfully
C:\Windows\system32\eesejbzog.ini => moved successfully
C:\Windows\system32\eebifxejokv => moved successfully
C:\Windows\system32\edsljcdivuy.ini => moved successfully
C:\Windows\system32\edovnmlhmu.xml => moved successfully
C:\Windows\system32\ecqooiby => moved successfully
C:\Windows\system32\ebwmf => moved successfully
C:\Windows\system32\ebeblkboibi => moved successfully
C:\Windows\system32\eafryqglx => moved successfully
C:\Windows\system32\dzna => moved successfully
C:\Windows\system32\dxrnzku.ini => moved successfully
C:\Windows\system32\dtxfol => moved successfully
C:\Windows\system32\dqeavzgp.xml => moved successfully
C:\Windows\system32\dqajfj.ini => moved successfully
C:\Windows\system32\dpfrqyaznoo => moved successfully
C:\Windows\system32\dows => moved successfully
C:\Windows\system32\dogequdlcho => moved successfully
C:\Windows\system32\dmuuqmc.ini => moved successfully
C:\Windows\system32\dmtlsnues.dat => moved successfully
C:\Windows\system32\dkfd.ini => moved successfully
C:\Windows\system32\djzobvavx.ini => moved successfully
C:\Windows\system32\dizbniz.xml => moved successfully
C:\Windows\system32\dgppwo.dat => moved successfully
C:\Windows\system32\dgckkqqq.ini => moved successfully
C:\Windows\system32\dfswulgomz.ini => moved successfully
C:\Windows\system32\dfol.ini => moved successfully
C:\Windows\system32\dfdenbmhi => moved successfully
C:\Windows\system32\detwvkklv.ini => moved successfully
C:\Windows\system32\defhdp.ini => moved successfully
C:\Windows\system32\dbsbm => moved successfully
C:\Windows\system32\daltzc => moved successfully
C:\Windows\system32\daflhn => moved successfully
C:\Windows\system32\cxoab => moved successfully
C:\Windows\system32\cwr => moved successfully
C:\Windows\system32\ctxnogspj.ini => moved successfully
C:\Windows\system32\ctsn => moved successfully
C:\Windows\system32\cqbt.ini => moved successfully
C:\Windows\system32\cprceg => moved successfully
C:\Windows\system32\cntaml.ini => moved successfully
C:\Windows\system32\cjsvjsn => moved successfully
C:\Windows\system32\cixpn => moved successfully
C:\Windows\system32\civwzqm.ini => moved successfully
C:\Windows\system32\cheng.ini => moved successfully
C:\Windows\system32\cguaohd => moved successfully
C:\Windows\system32\cfclssx.ini => moved successfully
C:\Windows\system32\cdntf.dat => moved successfully
C:\Windows\system32\cbqynozbpo.ini => moved successfully
C:\Windows\system32\cbgvboorrjj.dat => moved successfully
C:\Windows\system32\cakqt => moved successfully
C:\Windows\system32\bzyz.dat => moved successfully
C:\Windows\system32\bzkhikmncyf => moved successfully
C:\Windows\system32\byoqvakieh.ini => moved successfully
C:\Windows\system32\bycuny => moved successfully
C:\Windows\system32\bxqecmpfn.ini => moved successfully
C:\Windows\system32\bulcyfilrrd.dat => moved successfully
C:\Windows\system32\bsxkwl.dat => moved successfully
C:\Windows\system32\bsmobir.dat => moved successfully
C:\Windows\system32\bpajjydv => moved successfully
C:\Windows\system32\bmpedqmgmxo => moved successfully
C:\Windows\system32\blxcchdo.dat => moved successfully
C:\Windows\system32\bloulzqvnrd => moved successfully
C:\Windows\system32\bfsdlrscmiv => moved successfully
C:\Windows\system32\betjex.ini => moved successfully
C:\Windows\system32\bacdzugy => moved successfully
C:\Windows\system32\azuxhafgo.ini => moved successfully
C:\Windows\system32\azepwokxctz => moved successfully
C:\Windows\system32\ayyyufnvi.ini => moved successfully
C:\Windows\system32\axxvniyw => moved successfully
C:\Windows\system32\auqopa => moved successfully
C:\Windows\system32\auemdu.ini => moved successfully
C:\Windows\system32\aso.dat => moved successfully
C:\Windows\system32\arsimaqa => moved successfully
C:\Windows\system32\arembuqqlhl.ini => moved successfully
C:\Windows\system32\aqluxxpvzxz => moved successfully
C:\Windows\system32\apluecjxljh.ini => moved successfully
C:\Windows\system32\aotnjwxb.xml => moved successfully
C:\Windows\system32\alswcpnkwg => moved successfully
C:\Windows\system32\alpzadzk => moved successfully
C:\Windows\system32\akophcvl => moved successfully
C:\Windows\system32\akjgqsepny.ini => moved successfully
C:\Windows\system32\ajnzyssdz.dat => moved successfully
C:\Windows\system32\ajfm.ini => moved successfully
C:\Windows\system32\aihwg => moved successfully
C:\Windows\system32\ahlkupje => moved successfully
C:\Windows\system32\agd => moved successfully
C:\Windows\system32\afocvlmwd => moved successfully
C:\Windows\system32\aesvs.dat => moved successfully
C:\Windows\system32\adpgegoatcl => moved successfully
C:\Windows\system32\aclcvmx.ini => moved successfully
C:\Windows\system32\abqj => moved successfully
C:\Windows\system32\aaydghedumh => moved successfully
C:\Windows\rnni.ini => moved successfully
C:\Windows\refyhravcw.dat => moved successfully
C:\Windows\qgqkumwr.ini => moved successfully
C:\Windows\pxluctu.dat => moved successfully
C:\Windows\pnaphwmzlgp => moved successfully
C:\Windows\oaap => moved successfully
C:\Windows\nhs => moved successfully
C:\Windows\lzuovdq => moved successfully
C:\Windows\lyi => moved successfully
C:\Windows\lqrbl => moved successfully
C:\Windows\kragnbr.dat => moved successfully
C:\Windows\jnpltjziixr => moved successfully
C:\Windows\iurduaasebj => moved successfully
C:\Windows\hihw => moved successfully
C:\Windows\grgqrvb => moved successfully
C:\Windows\fas.ini => moved successfully
C:\Windows\err.ini => moved successfully
C:\Windows\ejxebk => moved successfully
C:\Windows\eewo.ini => moved successfully
C:\Windows\ecisfvuhpa.ini => moved successfully
C:\Windows\dwbwxg => moved successfully
C:\Windows\dehidfjtpt => moved successfully
C:\Windows\cpznhdhikek => moved successfully
C:\Windows\baxqskha.dat => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 271122638 B
Java, Flash, Steam htmlcache => 44919216 B
Windows/system/drivers => 525132 B
Edge => 0 B
Chrome => 100352 B
Firefox => 382476731 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 66228 B
NetworkService => 124140 B
user => 3597963 B

RecycleBin => 0 B
EmptyTemp: => 670.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:36:57 ====

 

RogueKiller V12.9.4.0 [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 01/18/2017 09:40:52 (Duration : 00:26:41)

¤¤¤ Processes : 3 ¤¤¤
[Proc.Injected|VT.Unknown] IDMan.exe(2060) -- C:\Program Files\Internet Download Manager\IDMan.exe[-] -> Killed [TermProc]
[VT.Unknown] IEMonitor.exe(2344) -- C:\Program Files\Internet Download Manager\IEMonitor.exe[-] -> Killed [TermProc]
[VT.Unknown] rgc.exe(1244) -- D:\X\Ranked Gaming Client\rgc.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 5 ¤¤¤
[VT.Unknown] HKEY_USERS\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Run | IDMan : C:\Program Files\Internet Download Manager\IDMan.exe /onboot [-] -> Deleted
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1  -> Deleted
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1  -> Deleted
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1  -> Deleted
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3393853819-73074403-155253753-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3160316CS ATA Device +++++
--- User ---
[MBR] 824c5acffbc69ca9f548e01c65033133
[BSP] 2d32db7d6aec533e8dea1409e1780e29 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 79900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 163842048 | Size: 72625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 



#8 Starbuck


Posted 18 January 2017 - 01:34 AM

Hi DPRK

That's good, we're slowly getting there.

Let's look a little deeper now.

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
In your next reply, please submit:
Eset scan report
also give me an update on any problems with the system.


Thanks.



#9 DPRK


Posted 18 January 2017 - 07:42 AM

OK, right now I'm updating the virus database

and what kind of problem on the system?



#10 Starbuck


Posted 18 January 2017 - 07:47 AM

You listed a lot of problems at the start of this topic..... have these problems been cured yet?
Any new problems emerged?



#11 DPRK


Posted 18 January 2017 - 08:22 AM

C:\ProgramData\Oracle\Java\javapath\java.exe    Win32/Sality.NBA virus    
C:\ProgramData\Oracle\Java\javapath\javaw.exe    Win32/Sality.NBA virus    
C:\ProgramData\Oracle\Java\javapath\javaws.exe    Win32/Sality.NBA virus    
C:\Users\All Users\Oracle\Java\javapath\java.exe    Win32/Sality.NBA virus    
C:\Users\All Users\Oracle\Java\javapath\javaw.exe    Win32/Sality.NBA virus    
C:\Users\All Users\Oracle\Java\javapath\javaws.exe    Win32/Sality.NBA virus    
C:\Users\All Users\Package Cache\BFB74E498C44D3A103CA3AA2831763FB417134D1\vcredist_x86.exe    Win32/Sality.NBA virus    
C:\Users\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe    Win32/Sality.NBA virus    
C:\Users\All Users\Package Cache\{f1203e43-4ddb-4280-974e-73f14d793dbd}\UE4PrereqSetup_x86.exe    Win32/Sality.NBA virus    
C:\Warcraft III\w3l.exe    Win32/Sality.NBA virus    
C:\Warcraft III\Warkey 6.2\WarKey.exe    Win32/Sality.NBA virus    
C:\Drivers\Audio\Other\EchoDigital\Indigo\Console4.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\EchoDigital\Indigo\SysLoad.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\EchoDigital\Indigo\uninst.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\nVIDIA\nvuhda.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\RME\Fireface\fireface.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\RME\Fireface\firefacemix.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\RME\Fireface_usb\firefaceusb.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\RME\Fireface_usb\firefaceusbmix.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\RME\Hdsp\hdsp32.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Other\RME\Hdsp\hdspmix.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\AC97\alcrmv.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\AC97\ChCfg.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\AC97\RTLCPL.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\AC97\SoundMan.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\AERTSrv.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\RtHDVBg.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\RtHDVCpl.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\RtkAudioService.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\RtkNGUI.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\RtlUpd.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\SkyTel.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HD\vncutil.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HDMI\RtkAudioSrvATI.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Audio\Realtek\HDMI\RtkUpd.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Other\NoteBook\all\regcat.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Other\NoteBook\all\x86\accelerometerST.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Other\NoteBook\all\x86\hpcplapp.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Other\NoteBook\all\x86\HPSERVICE.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Other\NoteBook\all\x86\HpTile2.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Other\NoteBook\all\x86\hptileapp.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Other\NoteBook\all\x86\InstHPMDP.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\hkcmd.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\igfxcfg.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\igfxext.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\igfxpers.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\igfxsrvc.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\igfxtray.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\igxpun.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\3150\TVWSetup.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\hkcmd.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\igfxcfg.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\igfxext.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\igfxpers.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\igfxsrvc.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\igfxtray.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\igxpun.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\945-Q35\TVWSetup.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\G41-i7\hkcmd.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\G41-i7\igfxext.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\G41-i7\igfxpers.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\G41-i7\igfxsrvc.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\G41-i7\igfxtray.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\G41-i7\igxpun.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\G41-i7\TVWSetup.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\GMA500\hkcmd.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\GMA500\igfxcfg.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\GMA500\IgfxExt.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\GMA500\igfxsrvc.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\Intel\GMA500\igfxtray.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\nVIDIA\D-M\dbInstaller.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\nVIDIA\D-M\nvudisp.exe    Win32/Sality.NBA virus    cleaned
C:\Drivers\Video\nVIDIA\HDMI\nvuhda.exe    Win32/Sality.NBA virus    cleaned
C:\FRST\Quarantine\C\Program Files\Andromax M2Y\Andromax M2Y.exe    Win32/Sality.NBA virus    cleaned
C:\FRST\Quarantine\C\Program Files\Andromax M2Y\Install.exe    Win32/Sality.NBA virus    cleaned
C:\FRST\Quarantine\C\Program Files\Andromax M2Y\Tip_Smart_LTE.exe    Win32/Sality.NBA virus    cleaned
C:\FRST\Quarantine\C\Program Files\Andromax M2Y\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Megaxus\Closers Online\CLOSERS.EXE    Win32/Sality.NBA virus    cleaned
C:\Megaxus\Closers Online\CW.EXE    Win32/Sality.NBA virus    cleaned
C:\Megaxus\Closers Online\LAUNCHER.EXE    Win32/Sality.NBA virus    cleaned
C:\Megaxus\Closers Online\vcredist_x86.exe    Win32/Sality.NBA virus    cleaned
C:\Megaxus\Closers Online\DirectX9.0c\DXSETUP.exe    Win32/Sality.NBA virus    cleaned
C:\Megaxus\Closers Online\MGX\mgx.exe    Win32/Sality.NBA virus    cleaned
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe    Win32/Sality.NBA virus    cleaned
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe    Win32/Sality.NBA virus    cleaned
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE    Win32/Sality.NBA virus    cleaned
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\7-Zip\7z.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\7-Zip\7zFM.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\7-Zip\7zG.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\7-Zip\Uninstall.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcrobatInfo.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroBroker.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrodist.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTextExtractor.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\LogTransport2.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\plug_ins\Scan\AcroScanBroker.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\Acrobat Elements.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Designer 9.0\ConvertIFDShell.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Designer 9.0\ConvertIP.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Designer 9.0\ConvertPDF.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Designer 9.0\ConvertWord.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Designer 9.0\FormDesigner.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Designer 9.0\ConvertIFD\convertifd.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Designer 9.0\ConvertXF\ConvertXF.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Setup Files\{AC76BA86-1033-F400-7760-000000000005}\setup.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Adobe\Acrobat 10.0\Setup Files\{AC76BA86-1033-F400-7760-000000000005}\WindowsInstaller-KB893803-v2-x86.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Anomy\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Anomy\bin\shexec.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\CCleaner\CCleaner.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\CCleaner\uninst.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\ceregreset.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\Cheat Engine.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\cheatengine-i386.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\DotNetDataCollector32.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\Kernelmoduleunloader.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
C:\Program Files\Cheat Engine 6.6\Tutorial-i386.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\AdobeApplicationManager\AAMSetup\Set-up.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\DWA\Setup.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\Adobe_Helperx32.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\LWA\AAM Registration Notifier.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\LWA\adobe_licutil.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAMLauncher.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater).exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\LogTransport2.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Enterbrain\RGSS3\RPGVXAce\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Java\Java Update\jaureg.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Java\Java Update\jucheck.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Java\Java Update\jusched.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\DW\DWTRIG20.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\MSInfo\OINFOP12.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\OFFICE12\ACECNFLT.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\OFFICE12\MSE7.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLED.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\OFFICE12\OFFDIAG.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\SETUP.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Common Files\Steam\SteamService.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Enterbrain\RPGVXAce\RPGVXAce.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Enterbrain\RPGVXAce\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Internet Download Manager\IDMan.exe    Win32/Sality.NBA virus    error while cleaning
C:\Program Files\Internet Download Manager\idmBroker.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Internet Download Manager\IDMGrHlp.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Internet Download Manager\IEMonitor.exe    Win32/Sality.NBA virus    error while cleaning
C:\Program Files\Internet Download Manager\MediumILStart.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Internet Download Manager\Uninstall.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\jabswitch.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\java-rmi.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\java.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\javacpl.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\javaw.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\javaws.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\jjs.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\jp2launcher.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\keytool.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\kinit.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\klist.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\ktab.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\orbd.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\pack200.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\policytool.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\rmid.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\rmiregistry.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\servertool.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\ssvagent.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\tnameserv.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Java\jre1.8.0_111\bin\unpack200.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\CLVIEW.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\CNFNOT32.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\DRAT.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\DSSM.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\excelcnv.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\GRAPH.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\GrooveClean.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\GrooveMigrator.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\GrooveStdURLLauncher.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\INFOPATH.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\MSOHTMED.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\MSQRY32.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\MSTORDB.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\MSTORE.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\OIS.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\PPTVIEW.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\REGFORM.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\SCANOST.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\SCANPST.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\SELFCERT.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\SETLANG.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\VPREVIEW.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\Wordconv.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Microsoft Office\Office12\1033\ONELEV.EXE    Win32/Sality.NBA virus    cleaned
C:\Program Files\MPC-HC\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\MPC-HC\CrashReporter\sendrpt.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\NVIDIA Corporation\Uninstall\nvudisp.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\SMADAV\unins000.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\ToolWagon\1.0.4.133708\render.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Winamp\UninstWA.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Winamp\winamp.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Winamp\winampa.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\WinRAR\Rar.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\WinRAR\RarExtLoader.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\WinRAR\Uninstall.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\WinRAR\UnRAR.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\WinRAR\WinRAR.exe    Win32/Sality.NBA virus    cleaned
C:\ProgramData\Package Cache\BFB74E498C44D3A103CA3AA2831763FB417134D1\vcredist_x86.exe    Win32/Sality.NBA virus    cleaned
C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe    Win32/Sality.NBA virus    cleaned
C:\ProgramData\Package Cache\{f1203e43-4ddb-4280-974e-73f14d793dbd}\UE4PrereqSetup_x86.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.94\chrome_frame_helper.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.94\chrome_launcher.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.94\delegate_execute.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.94\Installer\setup.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Roaming\BitTorrent\updates\7.9.9_43086.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Roaming\MyMacro\MT.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Roaming\MyMacro\mymacro_errinfo.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\AppData\Roaming\MyMacro\Runner.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\Downloads\Compressed\hjsplit.exe    Win32/Sality.NBA virus    cleaned
C:\Users\user\Downloads\Compressed\[www.gigapurbalingga.com]_CCleP5255902.rar    Win32/Keygen.KG potentially unsafe application    deleted
C:\Warcraft III\BNUpdate.exe    Win32/Sality.NBA virus    cleaned
C:\Warcraft III\Frozen Throne.exe    Win32/Sality.NBA virus    cleaned
C:\Warcraft III\w3l.exe    Win32/GameHack.QJ potentially unsafe application    cleaned by deleting
C:\Warcraft III\War3TFT_121b_122a_English.exe    Win32/Sality.NBA virus    cleaned
C:\Warcraft III\Warcraft III.exe    Win32/Sality.NBA virus    cleaned
C:\Warcraft III\World Editor.exe    Win32/Sality.NBA virus    cleaned
C:\Warcraft III\worldedit.exe    Win32/Sality.NBA virus    cleaned
C:\Warcraft III\Warkey 6.2\WarKey.exe    a variant of Win32/GameTool.CE potentially unsafe application    cleaned by deleting
D:\X\hjsplit.exe    Win32/Sality.NBA virus    cleaned
D:\X\fmd_0.9.77.0\7za.exe    Win32/Sality.NBA virus    cleaned
D:\X\fmd_0.9.77.0\fmd.exe    Win32/Sality.NBA virus    cleaned
D:\X\fmd_0.9.77.0\updater.exe    Win32/Sality.NBA virus    cleaned
D:\X\Ranked Gaming Client\rgc.exe    Win32/Sality.NBA virus    cleaned
D:\X\Ranked Gaming Client\rgcp\ORIG.exe    Win32/Sality.NBA virus    cleaned
D:\X\Ranked Gaming Client\rgcp\rgcp.exe    Win32/Sality.NBA virus    error while cleaning
D:\X\Ranked Gaming Client\rgcp\vcredist_x86.exe    Win32/Sality.NBA virus    cleaned
D:\X\Ranked Gaming Client\rgcp\patcher\patcher.exe    Win32/Sality.NBA virus    cleaned
D:\X\Ranked Gaming Client\rgcp\patcher\test_privileges.exe    Win32/Sality.NBA virus    cleaned
D:\X\Recover\Dumb Crow\Fleeting Iris v069b2\Game.exe    Win32/Sality.NBA virus    cleaned
D:\X\Recover\Dumb Crow\Lily of the Valley V0.5 fixed\Game.exe    Win32/Sality.NBA virus    cleaned
Operating memory    Win32/Sality.NBA virus    error while cleaning

There are some of my games in there.

It's a false virus or?


Edited by DPRK, 18 January 2017 - 09:56 AM.


#12 Starbuck


Posted 18 January 2017 - 01:16 PM

Hi DPRK

There are some of my games in there.

It's a false virus or?

It's very serious actually.
I picked up on this when I saw this in the reports:

S2 CDROM_Eject_Smart; C:\Program Files\Andromax M2Y\FI_Eject.exe [2186240 2015-05-15] () [File not signed]

But didn't know until running the Eset scan, just how far it had infected the system.

Sality is a file infecting virus that spreads by infecting exe and scr files.
The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive.
In addition, Sality includes a downloader trojan component that installs additional malware via the Web.
It can steal sensitive information, such as user names and passwords and can give a malicious attacker access and control of the PC.

This is why I suggested changing all of your passwords earlier.

As you can see it's quite widespread.
We can try and clean as much as we can but obviously there's no guarantee that all of the rootkit will be removed.
Most people would prefer to reinstall the operating system to ensure a clean system again.

Because you said earlier that the problem kept coming back after you had reinstalled the OS, I assume that after the reinstall you add back programs, games etc. that you have stored on USB sticks etc.
This is probably why you are getting reinfected: either the USB sticks are infected or the programs/games are infected, and you are just adding them back onto the system.

If you reinstall, you need to perform a full clean install (wipe the hard drive completely) and start afresh without using any of the saved programs/games.

It's up to you where we go from here.



#13 DPRK


Posted 18 January 2017 - 02:25 PM

That one, Andromax_M2Y, was the mobile WiFi.

Usually after reinstalling Windows I just download games from the official website of that game.

Then how about the Task Manager and regedit?

Can't open Ctrl+Alt+Delete and Ctrl+Shift+Esc.

If I change the value, it keeps going back again.



#14 Starbuck


Posted 18 January 2017 - 03:45 PM

Then how about the Task Manager and regedit?

Can't open Ctrl+Alt+Delete and Ctrl+Shift+Esc.

If I change the value, it keeps going back again.

There isn't much point in trying to fix some of the system problems until we're sure that the infections have been removed.
Eset is showing that there may have been some problems in removing some of the malware.


Step 1
I see that you have MalwareBytes V3 installed.
Let's remove this completely and get a fresh copy of the program (that way we know for sure that it's clean).
  • Uninstall MalwareBytes from your system
  • Restart your computer (very important).
  • Now Download mbam clean and save to your Desktop.
  • Please close all open applications to avoid any conflicts when running the tool.
  • Locate the file mbam-clean.exe and double-click to run it... Vista/Windows 7/8/10 users right-click and select Run As Administrator.. and follow the onscreen prompts.
  • It will ask to restart your computer, please allow it to do so (very important)
  • Download Malwarebytes 3 and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Click Finish
MalwareBytes will now open to the Dashboard.


All protection should now enable and the update process should begin.
Once the update process has completed, Click Scan Now to start your Threat scan.

Allow MalwareBytes to remove/quarantine whatever it finds.

To find the reports
  • From the main Dashboard click Reports (left hand side)
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.
  • Click Export >> Copy to Clipboard
  • Paste the contents of the clipboard into your reply.


Step 2
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply
In your next reply, please submit:
MalwareBytes scan report
Report from E.E.K


Thanks.



#15 DPRK


Posted 18 January 2017 - 05:09 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/19/17
Scan Time: 4:47 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.735
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: user-PC\user

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268000
Time Elapsed: 3 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replace-on-Reboot, [19289], [293296],1.0.735
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replace-on-Reboot, [19289], [293294],1.0.735
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replace-on-Reboot, [19289], [293295],1.0.735

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.VRBrothers, C:\USERS\USER\APPDATA\ROAMING\MYMACRO\MYMACRO_ERRINFO.EXE, Delete-on-Reboot, [1112], [328099],1.0.735

Physical Sector: 0
(No malicious items detected)


(end)

 

Emsisoft Emergency Kit - Version 12.0
Last update: 1/19/2017 5:03:10 AM
User account: user-PC\user
Computer name: USER-PC
OS version: Windows 7x86 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    1/19/2017 5:04:08 AM
C:\Program Files\Internet Download Manager\IDMan.exe.vir.vir     detected: Win32.Sality.3 (B) [krnl.xmd]
C:\Program Files\Internet Download Manager\IEMonitor.exe.vir.vir     detected: Win32.Sality.3 (B) [krnl.xmd]

Scanned    70573
Found    2

Scan end:    1/19/2017 5:09:14 AM
Scan time:    0:05:06

C:\Program Files\Internet Download Manager\IEMonitor.exe.vir.vir     Win32.Sality.3 (B)
C:\Program Files\Internet Download Manager\IDMan.exe.vir.vir     Win32.Sality.3 (B)

Quarantined    2
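
Starbuck's remark in post #14 that ESET had problems removing some of the malware can be checked by parsing both logs: the sketch below lists the ESET rows that ended in "error while cleaning" and matches them against the later Emsisoft detections. It is an added example, not part of the thread or of either vendor's tooling; the sample rows are copied from the logs posted above, and treating the `.vir` suffixes in the Emsisoft paths as renamed copies of the same files is an assumption.

```python
import re
from collections import Counter
from typing import NamedTuple

# Sample rows copied from the ESET log posted in this thread.
ESET_SAMPLE = r"""
C:\Program Files\7-Zip\7z.exe    Win32/Sality.NBA virus    cleaned
C:\Program Files\Cheat Engine 6.6\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
C:\Program Files\Internet Download Manager\IDMan.exe    Win32/Sality.NBA virus    error while cleaning
C:\Program Files\Internet Download Manager\IEMonitor.exe    Win32/Sality.NBA virus    error while cleaning
D:\X\Ranked Gaming Client\rgcp\rgcp.exe    Win32/Sality.NBA virus    error while cleaning
Operating memory    Win32/Sality.NBA virus    error while cleaning
"""

# Sample rows copied from the Emsisoft Emergency Kit report in this thread.
EMSI_SAMPLE = r"""
C:\Program Files\Internet Download Manager\IDMan.exe.vir.vir     detected: Win32.Sality.3 (B) [krnl.xmd]
C:\Program Files\Internet Download Manager\IEMonitor.exe.vir.vir     detected: Win32.Sality.3 (B) [krnl.xmd]
"""


class Row(NamedTuple):
    target: str   # file path, or "Operating memory"
    threat: str   # detection name, e.g. Win32/Sality.NBA
    kind: str     # "virus", "potentially unsafe application", ...
    action: str   # "cleaned", "cleaned by deleting", "error while cleaning", ...


# Columns are separated by tabs or runs of spaces; paths only contain single spaces.
COLS = re.compile(r"\t+| {2,}")
THREAT = re.compile(r"^(?:a variant of )?(\S+)\s+(.+)$")


def parse_eset(text):
    """Turn 'target / detection / action' lines into Row records."""
    rows = []
    for line in text.splitlines():
        parts = COLS.split(line.strip())
        if len(parts) != 3:
            continue  # blank line or anything that is not a three-column row
        m = THREAT.match(parts[1])
        if m:
            rows.append(Row(parts[0], m.group(1), m.group(2), parts[2]))
    return rows


def action_counts(rows):
    """How many rows ended in each (threat, action) pair."""
    return Counter((r.threat, r.action) for r in rows)


def unresolved(rows):
    """Rows where the scanner reported an error instead of a clean or delete."""
    return [r for r in rows if "error" in r.action.lower()]


def normalise(path):
    """Lower-case a path and drop trailing .vir suffixes (assumed rename markers)."""
    p = path.strip().lower()
    while p.endswith(".vir"):
        p = p[:-4]
    return p


def parse_emsisoft(text):
    """Map normalised path -> detection name for every 'detected:' line."""
    hits = {}
    for line in text.splitlines():
        parts = COLS.split(line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[1].startswith("detected:"):
            name = parts[1][len("detected:"):].split("[")[0].strip()
            hits[normalise(parts[0])] = name
    return hits


def still_detected(eset_rows, emsi_hits):
    """ESET cleaning failures that the second scanner flagged again."""
    return [(r.target, r.threat, emsi_hits[normalise(r.target)])
            for r in unresolved(eset_rows) if normalise(r.target) in emsi_hits]


def not_rechecked(eset_rows, emsi_hits):
    """ESET cleaning failures with no matching entry in the second scan."""
    return [r.target for r in unresolved(eset_rows)
            if normalise(r.target) not in emsi_hits]


if __name__ == "__main__":
    rows = parse_eset(ESET_SAMPLE)
    hits = parse_emsisoft(EMSI_SAMPLE)
    for (threat, action), n in sorted(action_counts(rows).items()):
        print(f"{n:3d}  {threat}  ->  {action}")
    for target, eset_name, emsi_name in still_detected(rows, hits):
        print(f"confirmed by second scan: {target} ({eset_name} / {emsi_name})")
    for target in not_rechecked(rows, hits):
        print(f"failed cleaning, not seen in second scan: {target}")
```

Entries returned by `not_rechecked` are the ones to follow up on, since neither scan reports them as removed.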
 





