Jump to content

Laptops shuts down midway through malwarebytes scan plzz HELP ME

star240

By star240
in Resolved Malware Removal Logs

 Share

Recommended Posts

star240

star240

Posted
Posted (edited)

hi everybody,

somebody please help me as my laptop keeps shutting down abrupty when I run malware bytes. 2 days ago malware bytes detected 3,500  malware files which I deleted. But now the laptop becomes responsive whatever I do anything after a while and I have to restart. I ran combo fix and its log file is attached here in this post. Please help me. Before malware bytes I was using Microsoft Security Essentials.

ComboFix.txt

Edited by star240
Link to post
Share on other sites
  • Replies 59
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

kevinf80

kevinf80

Posted
Posted
Hello star240 and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
Link to post
Share on other sites
star240

star240

Posted
  • Author
Posted

First of all Thanks Kevinf180 for helping me. I have a Windows 7 Utimate 64-bit operating system with intel core i5 processor @2.53GHz.

I downloaded FRST and ran a scan as per your instructions and the file results are here below  while the ADDITION.txt file is attached with this post.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by HP (administrator) on HP-PC (07-02-2017 19:52:50)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2277154280-622526180-1492564643-1000\...\Run: [GoogleChromeAutoLaunch_AF07ADB424B82216064A05A2CAB71EA4] => C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-05] ()
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-06-25]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{0FB20474-6681-4434-8AF1-61E2FDDAA525}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{218D8EE4-D680-4361-89E8-52B0D8A3D481}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{5A4DDC44-CDB6-42A5-8E4E-E7A8A141EE7E}: [DhcpNameServer] 10.10.0.1
Tcpip\..\Interfaces\{74FF6C6D-C140-4CD9-A622-88DA882B6B64}: [NameServer] 203.99.163.240
Tcpip\..\Interfaces\{884827F6-B022-4330-A7AD-59A944C8E9FE}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ABAAB598-BDAC-4AF3-ABE9-B15861BD1A10}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{C5DFC1D7-A665-4A2B-BF67-477ABE59F272}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{D597061C-799D-4723-BA0F-E0700F23F115}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{DE04F20B-3628-4C33-A74A-08985553F98B}: [DhcpNameServer] 203.130.2.3 221.132.112.8
Tcpip\..\Interfaces\{E360537D-6FB0-43D3-83B7-201086BB10EF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E46431F4-C4F6-4AD0-94AA-6B36C7248BAA}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{FA0439EB-30E1-4631-9BCF-9A3F0B7BF4A2}: [DhcpNameServer] 192.168.15.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2277154280-622526180-1492564643-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131030624273951072&GUID=696ADB0C-C854-4B5D-9711-CDEF59176F93
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131030624273961072&GUID=696ADB0C-C854-4B5D-9711-CDEF59176F93
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2277154280-622526180-1492564643-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2277154280-622526180-1492564643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131030624274161084&GUID=696ADB0C-C854-4B5D-9711-CDEF59176F93
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2277154280-622526180-1492564643-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450259215&from=zzgbkk123&uid=st9500420as_5vj8w7tw&z=d72a1733c29f25d146ec5d6g4z1w1e0o1w9t7ocg4e&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxps://picasaweb.google.com/s/v/71.33/uploader2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7l2vsii7.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\7l2vsii7.default [2017-02-06]
FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-02-16] [not signed]
FF Extension: (Babylon OCR) - C:\Program Files (x86)\Mozilla Firefox\extensions\ocr@babylon.com [2015-02-16] [not signed]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-02-16] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-10-19] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2277154280-622526180-1492564643-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2277154280-622526180-1492564643-1000: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2277154280-622526180-1492564643-1000: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.v9.com?type=hp&ts=1439210869&from=mych123&uid=st9500420as_5vj8w7tw&z=192fde69b00c69e86610e46g0z2cdt3o0g1e0b0q8m
CHR DefaultSearchURL: Default -> hxxp://www.google.com.hk/search?site=&source=hp&q={searchTerms}&btnG=Search
CHR DefaultSearchKeyword: Default -> google.com.hk
CHR Plugin: (Shockwave Flash) - C:\Users\HP\AppData\Local\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Native Client) - C:\Users\HP\AppData\Local\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\HP\AppData\Local\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-02-07]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-09]
CHR Extension: (Freemake Video Converter) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2012-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Print Friendly & PDF) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-02-05]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-21]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-11-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [lnacddkjljapoaofejjjkjfaahakddcl] - C:\Program Files (x86)\LittleApp Suggestor\LittleAppSuggestor.crx [2012-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-04-10] (Autodesk)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2015-03-31] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2015-03-31] (Macrovision Europe Ltd.) [File not signed]
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
S3 UDisk Monitor; C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe [403456 2010-05-31] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [43520 2011-02-22] (Motorola Solutions, Inc.)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-07] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-07] (Malwarebytes)
S3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu_x64.sys [154112 2010-07-05] (MediaTek Inc.) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-04-21] (ZTEMT Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Users\HP\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S1 dgtlsgsr; \??\C:\Windows\system32\drivers\dgtlsgsr.sys [X]
S3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 MFE_RR; \??\C:\Users\HP\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 19:52 - 2017-02-07 19:54 - 00022571 _____ C:\Users\HP\Desktop\FRST.txt
2017-02-07 19:52 - 2017-02-07 19:52 - 00000000 ____D C:\FRST
2017-02-07 19:50 - 2017-02-07 19:51 - 02421248 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2017-02-07 18:37 - 2017-02-07 18:37 - 06253640 _____ (AVAST Software) C:\Users\HP\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-02-07 17:57 - 2017-02-07 17:57 - 00028189 _____ C:\ComboFix.txt
2017-02-07 17:45 - 2011-06-26 11:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-07 17:45 - 2010-11-07 22:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-07 17:45 - 2009-04-20 09:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-07 17:45 - 2000-08-31 05:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-07 17:45 - 2000-08-31 05:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-07 17:45 - 2000-08-31 05:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-07 17:45 - 2000-08-31 05:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-07 17:45 - 2000-08-31 05:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-07 17:44 - 2017-02-07 17:57 - 00000000 ____D C:\Qoobox
2017-02-07 17:44 - 2017-02-07 17:56 - 00000000 ____D C:\Windows\erdnt
2017-02-07 17:43 - 2017-02-07 17:44 - 05659775 ____R (Swearware) C:\Users\HP\Downloads\ComboFix.exe
2017-02-07 17:41 - 2017-02-07 17:41 - 00881904 _____ (Plumbytes Software) C:\Users\HP\Downloads\antimalwaresetup.exe
2017-02-06 23:03 - 2017-02-06 23:03 - 00001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-02-06 23:03 - 2017-02-06 23:03 - 00000000 ____D C:\Users\HP\AppData\Local\VS Revo Group
2017-02-06 23:03 - 2017-02-06 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-02-06 23:02 - 2017-02-06 23:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-02-06 23:02 - 2017-02-06 23:02 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-06 23:02 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2017-02-06 22:18 - 2017-02-06 22:18 - 00000017 _____ C:\Users\HP\AppData\Local\resmon.resmoncfg
2017-02-06 14:31 - 2017-02-06 14:31 - 00557722 _____ C:\Users\HP\Desktop\malware summary.txt
2017-02-06 14:31 - 2017-02-06 14:31 - 00557718 _____ C:\Users\HP\Desktop\scan report.txt
2017-02-06 14:06 - 2017-02-06 14:06 - 00561316 _____ C:\Users\HP\Desktop\gjgj malware.txt
2017-02-06 05:24 - 2017-02-07 17:45 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-06 05:24 - 2017-02-07 16:33 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-06 05:24 - 2017-02-06 05:24 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-06 05:23 - 2017-02-07 17:45 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-06 05:23 - 2017-02-07 17:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-06 05:16 - 2017-02-06 05:16 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-06 05:16 - 2017-02-06 05:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-06 05:16 - 2017-02-06 05:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-06 05:16 - 2017-02-06 05:16 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-06 05:16 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-06 04:49 - 2017-02-06 05:15 - 55566792 _____ (Malwarebytes ) C:\Users\HP\Downloads\mb3-setup-consumer-3.0.6.1469(1).exe
2017-02-06 04:15 - 2017-02-06 04:19 - 00670232 _____ (Malwarebytes ) C:\Users\HP\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-05 22:05 - 2017-02-05 22:05 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-27 04:01 - 2005-02-16 11:06 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\HP\Desktop\HijackThis.exe
2017-01-27 03:45 - 2017-01-27 03:46 - 00456919 _____ (Alex T. ) C:\Users\HP\Downloads\windowsuninstallersetup.exe
2017-01-27 03:45 - 2017-01-27 03:46 - 00251392 _____ C:\Users\HP\Downloads\hijackthis_sfx.exe
2017-01-27 00:12 - 2017-02-07 17:57 - 02738208 _____ C:\Windows\ntbtlog.txt
2017-01-26 22:37 - 2017-01-26 22:37 - 00003400 ____N C:\bootsqm.dat
2017-01-14 18:33 - 2017-01-14 18:34 - 00450078 _____ C:\Users\HP\Downloads\ETSNGTCR_0000000028899156 (1).pdf
2017-01-14 02:20 - 2017-01-14 02:21 - 05856316 _____ C:\Users\HP\Downloads\B7C2.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 19:46 - 2015-11-29 23:56 - 00779172 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-07 19:46 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\inf
2017-02-07 19:45 - 2015-07-01 01:11 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2277154280-622526180-1492564643-1000UA.job
2017-02-07 19:45 - 2013-09-10 17:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 18:19 - 2012-03-02 21:08 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2277154280-622526180-1492564643-1000UA.job
2017-02-07 18:11 - 2009-07-14 09:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-07 18:11 - 2009-07-14 09:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-07 18:03 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-07 17:55 - 2009-07-14 07:34 - 00000215 _____ C:\Windows\system.ini
2017-02-07 16:20 - 2011-01-18 23:07 - 00001945 _____ C:\Windows\epplauncher.mif
2017-02-06 23:11 - 2016-11-15 12:56 - 00000000 ____D C:\Users\HP\AppData\Roaming\IObit
2017-02-06 23:11 - 2016-11-15 12:56 - 00000000 ____D C:\ProgramData\IObit
2017-02-06 22:32 - 2013-10-20 13:34 - 00000000 ____D C:\Users\HP\.android
2017-02-06 20:08 - 2014-06-10 02:07 - 00000000 ____D C:\Program Files\CCleaner
2017-02-06 19:49 - 2009-07-14 10:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-06 14:21 - 2013-01-10 04:10 - 00000000 ____D C:\Program Files (x86)\LittleApp Suggestor
2017-02-06 14:09 - 2011-01-12 11:49 - 00000000 ____D C:\Users\HP
2017-02-06 14:08 - 2015-08-06 15:08 - 00000000 ____D C:\Users\HP\AppData\Roaming\Elex-tech
2017-02-06 04:21 - 2009-07-14 07:34 - 00000541 _____ C:\Windows\win.ini
2017-02-06 03:25 - 2012-03-02 21:08 - 00000894 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2277154280-622526180-1492564643-1000Core.job
2017-02-05 22:05 - 2013-10-28 22:37 - 00000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
2017-02-03 15:32 - 2016-11-15 13:26 - 00000000 ____D C:\ProgramData\ProductData
2017-01-26 21:41 - 2015-07-21 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
2017-01-26 19:33 - 2015-09-17 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ekahau
2017-01-26 19:33 - 2015-09-17 19:45 - 00000000 ____D C:\Program Files\Ekahau
2017-01-26 19:16 - 2011-08-03 13:27 - 00000000 ____D C:\Users\HP\AppData\Roaming\BitTorrent
2017-01-17 15:16 - 2016-01-13 21:06 - 00000000 ____D C:\Users\HP\Desktop\Metro
2017-01-15 12:35 - 2015-07-01 01:11 - 00000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2277154280-622526180-1492564643-1000Core.job
2017-01-14 19:40 - 2015-10-26 00:42 - 00000000 ____D C:\Users\HP\Desktop\CSS 2016
2017-01-14 19:38 - 2015-12-10 18:23 - 00000000 ____D C:\Users\HP\Desktop\NAB results and Gret landmarks
2017-01-14 19:38 - 2014-09-26 19:54 - 00000000 ___HD C:\Users\HP\Desktop\7th semester
2017-01-14 19:36 - 2016-09-14 16:37 - 00000000 ____D C:\Users\HP\Desktop\Admission 2017+docs
2017-01-13 23:25 - 2016-05-09 00:58 - 00000000 ____D C:\Users\HP\Desktop\Fulbright
2017-01-11 13:35 - 2013-09-10 17:21 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 13:35 - 2013-09-10 17:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 13:35 - 2012-01-31 01:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 13:34 - 2013-09-10 17:21 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-11 13:34 - 2011-01-12 18:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2015-09-08 00:42 - 2015-09-08 00:42 - 1415680 _____ (wj32) C:\Program Files\02468ACN.exe
2015-08-11 20:46 - 2015-08-11 20:46 - 1415680 _____ (wj32) C:\Program Files\02468AKX.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\0AK4EO88.exe
2015-07-03 16:44 - 2015-07-03 16:44 - 1415680 _____ (wj32) C:\Program Files\0AKUEO6G.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\0IYMKE6E.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\0K4K88GW.exe
2015-08-10 22:48 - 2015-08-10 22:48 - 1415680 _____ (wj32) C:\Program Files\0K4OC8G0.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\0K4OKOSC.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\0M8WCS8Y.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\0NJCTM9Y.exe
2015-09-24 01:33 - 2015-09-24 01:33 - 1415680 _____ (wj32) C:\Program Files\0OTAOMVD.exe
2015-09-05 03:25 - 2015-09-05 03:25 - 1415680 _____ (wj32) C:\Program Files\0YWOAKCW.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\13579BDF.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\1L1L5P5T.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\1L5L5P5L.exe
2015-09-08 00:47 - 2015-09-08 00:47 - 1415680 _____ (wj32) C:\Program Files\1L5P5PDT.exe
2015-08-24 03:00 - 2015-08-24 03:00 - 1415680 _____ (wj32) C:\Program Files\1L5P9P1T.exe
2015-08-14 01:53 - 2015-08-14 01:53 - 1415680 _____ (wj32) C:\Program Files\1L5P9T1P.exe
2015-08-14 02:05 - 2015-08-14 02:05 - 1415680 _____ (wj32) C:\Program Files\1L5P9T9P.exe
2015-09-24 01:38 - 2015-09-24 01:38 - 1415680 _____ (wj32) C:\Program Files\1L5P9TDX.exe
2015-08-22 03:00 - 2015-08-22 03:00 - 1415680 _____ (wj32) C:\Program Files\1L5P9TP1.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\1L5PD991.exe
2015-09-08 00:48 - 2015-09-08 00:48 - 1415680 _____ (wj32) C:\Program Files\1ZUB61WE.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\20IMA88A.exe
2015-09-17 02:47 - 2015-09-17 02:47 - 1415680 _____ (wj32) C:\Program Files\213210ZG.exe
2015-09-09 04:14 - 2015-09-09 04:14 - 1415680 _____ (wj32) C:\Program Files\2468ACRV.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\2CMWGKUG.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\2M2M6KAM.exe
2015-08-14 01:53 - 2015-08-14 01:53 - 1415680 _____ (wj32) C:\Program Files\2M6KAK2U.exe
2015-08-14 01:41 - 2015-08-14 01:41 - 1415680 _____ (wj32) C:\Program Files\2MW64EE8.exe
2015-09-24 01:32 - 2015-09-24 01:32 - 1415680 _____ (wj32) C:\Program Files\314NS1BY.exe
2015-09-24 01:52 - 2015-09-24 01:52 - 1415680 _____ (wj32) C:\Program Files\33RHZ9LT.exe
2015-08-14 02:03 - 2015-08-14 02:03 - 1415680 _____ (wj32) C:\Program Files\3543213J.exe
2015-08-18 22:01 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\35432UXF.exe
2015-08-11 20:46 - 2015-08-11 20:46 - 1415680 _____ (wj32) C:\Program Files\3579BATX.exe
2015-09-15 23:02 - 2015-09-15 23:02 - 1415680 _____ (wj32) C:\Program Files\3579BDFB.exe
2015-09-08 00:42 - 2015-09-08 00:42 - 1415680 _____ (wj32) C:\Program Files\3579BDFT.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\3579BKUT.exe
2015-07-03 16:44 - 2015-07-03 16:44 - 1415680 _____ (wj32) C:\Program Files\3N3N7RZJ.exe
2015-09-24 02:38 - 2015-09-24 02:38 - 1415680 _____ (wj32) C:\Program Files\3N7FBBF3.exe
2015-08-14 01:30 - 2015-08-14 01:30 - 1415680 _____ (wj32) C:\Program Files\3N7JFJNF.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\3N7RBVBR.exe
2015-09-16 13:13 - 2015-09-16 13:13 - 1415680 _____ (wj32) C:\Program Files\4321321I.exe
2015-07-22 22:19 - 2015-07-22 22:19 - 1415680 _____ (wj32) C:\Program Files\4354327H.exe
2015-08-17 17:13 - 2015-08-17 17:13 - 1415680 _____ (wj32) C:\Program Files\468NPRTR.exe
2015-08-14 01:50 - 2015-08-14 01:50 - 1415680 _____ (wj32) C:\Program Files\49BTTVJU.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\4K4O8S8K.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\4K4O8S8W.exe
2015-08-18 22:01 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\4O4O8S4S.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\4O8O8S8O.exe
2015-09-10 03:34 - 2015-09-10 03:34 - 1415680 _____ (wj32) C:\Program Files\4O8S40OC.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\4O8S8S8W.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\4O8SCS8S.exe
2015-08-24 03:00 - 2015-08-24 03:00 - 1415680 _____ (wj32) C:\Program Files\4O8SCSC0.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\4O8SCW4S.exe
2015-07-03 16:44 - 2015-07-03 16:44 - 1415680 _____ (wj32) C:\Program Files\4O8SCW8W.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\4O8SCWCO.exe
2015-08-14 01:30 - 2015-08-14 01:30 - 1415680 _____ (wj32) C:\Program Files\4O8SCWGC.exe
2015-07-21 14:22 - 2015-07-21 14:22 - 1415680 _____ (wj32) C:\Program Files\4WO36ROI.exe
2015-09-16 13:13 - 2015-09-16 13:13 - 1415680 _____ (wj32) C:\Program Files\5432432F.exe
2015-08-17 12:30 - 2015-08-17 12:30 - 1415680 _____ (wj32) C:\Program Files\579BDSUY.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\5CGXLNBR.exe
2015-07-03 16:44 - 2015-07-03 16:44 - 1415680 _____ (wj32) C:\Program Files\5P9TDT1T.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\5P9TDX51.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\5P9TDX5X.exe
2015-09-08 00:48 - 2015-09-08 00:48 - 1415680 _____ (wj32) C:\Program Files\5T50OJTN.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\5TH5L9TX.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\5V3XDNRL.exe
2015-09-16 13:13 - 2015-09-16 13:13 - 1415680 _____ (wj32) C:\Program Files\68RAK26R.exe
2015-08-18 13:33 - 2015-08-18 13:33 - 1415680 _____ (wj32) C:\Program Files\6KAKEMK6.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\6KAUAUAY.exe
2015-08-14 01:54 - 2015-08-14 01:54 - 1415680 _____ (wj32) C:\Program Files\6KAUEUAU.exe
2015-08-10 22:47 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\6KAUEYI2.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\6KAUIMK6.exe
2015-08-11 20:43 - 2015-08-11 20:43 - 1415680 _____ (wj32) C:\Program Files\6M6IEAI6.exe
2015-08-14 01:50 - 2015-08-14 01:50 - 1415680 _____ (wj32) C:\Program Files\6M6KAUEA.exe
2015-09-24 03:09 - 2015-09-24 03:09 - 1415680 _____ (wj32) C:\Program Files\6OSKEC0C.exe
2015-08-14 02:06 - 2015-08-14 02:06 - 1415680 _____ (wj32) C:\Program Files\6WJ04EU2.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\7654N6WP.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\79BDSUY6.exe
2015-08-17 17:13 - 2015-08-17 17:13 - 1415680 _____ (wj32) C:\Program Files\79BKSUWU.exe
2015-09-05 14:28 - 2015-09-05 14:28 - 1415680 _____ (wj32) C:\Program Files\7RBRBV7V.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\7RBRBVF3.exe
2015-09-24 03:23 - 2015-09-24 03:23 - 1415680 _____ (wj32) C:\Program Files\7RBVBVF3.exe
2015-08-22 03:00 - 2015-08-22 03:00 - 1415680 _____ (wj32) C:\Program Files\7RBVFVFZ.exe
2015-08-11 19:33 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\7RBVFZF3.exe
2015-07-26 00:34 - 2015-07-26 00:34 - 1415680 _____ (wj32) C:\Program Files\7RBVFZFN.exe
2015-09-04 21:06 - 2015-09-04 21:06 - 1415680 _____ (wj32) C:\Program Files\87657NH4.exe
2015-09-16 22:32 - 2015-09-16 22:32 - 1415680 _____ (wj32) C:\Program Files\8ACESCWL.exe
2015-09-16 22:31 - 2015-09-16 22:31 - 1415680 _____ (wj32) C:\Program Files\8BJ8JRMZ.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\8BXVTFUV.exe
2015-09-17 02:47 - 2015-09-17 02:47 - 1415680 _____ (wj32) C:\Program Files\8H0J2XGR.exe
2015-08-18 22:01 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\8SCWG0G4.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\8SCWKOS8.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\9B64ZG4C.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\9INR3CO6.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\9M1TYHN1.exe
2015-08-14 01:54 - 2015-08-14 01:54 - 1415680 _____ (wj32) C:\Program Files\9P9TDXHT.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\9TDTDX5T.exe
2015-07-26 00:34 - 2015-07-26 00:34 - 1415680 _____ (wj32) C:\Program Files\9TDTDXD5.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\9TDXH1DX.exe
2015-08-11 20:38 - 2015-08-11 20:38 - 1415680 _____ (wj32) C:\Program Files\9TDXH1HL.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\9TDXHXD5.exe
2015-07-03 15:21 - 2015-07-03 15:21 - 1415680 _____ (wj32) C:\Program Files\A7EANZXH.exe
2015-08-17 17:17 - 2015-08-17 17:17 - 1415680 _____ (wj32) C:\Program Files\A7URROGC.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\A987683N.exe
2015-09-17 02:47 - 2015-09-17 02:47 - 1415680 _____ (wj32) C:\Program Files\A987987R.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\AKMI6UMM.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\AUAMI6I2.exe
2015-09-08 00:47 - 2015-09-08 00:47 - 1415680 _____ (wj32) C:\Program Files\AUAUEY6K.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\AUEYI2AA.exe
2015-08-11 19:32 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\AUEYI2I2.exe
2015-09-24 01:38 - 2015-09-24 01:38 - 1415680 _____ (wj32) C:\Program Files\AUEYI2M2.exe
2015-09-08 00:48 - 2015-09-08 00:48 - 1415680 _____ (wj32) C:\Program Files\B6IRWR34.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\BA98791H.exe
2015-09-05 03:24 - 2015-09-05 03:24 - 1415680 _____ (wj32) C:\Program Files\BDNXU4W7.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\BGPAYNHG.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\BUDRD6DM.exe
2015-08-14 02:05 - 2015-08-14 02:05 - 1415680 _____ (wj32) C:\Program Files\BVBVFZJB.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\BVBVFZZJ.exe
2015-08-14 01:54 - 2015-08-14 01:54 - 1415680 _____ (wj32) C:\Program Files\BVFVVRVJ.exe
2015-09-24 01:52 - 2015-09-24 01:52 - 1415680 _____ (wj32) C:\Program Files\BVFZFZJB.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\BVFZJ3J3.exe
2015-09-24 03:23 - 2015-09-24 03:23 - 1415680 _____ (wj32) C:\Program Files\BVFZJ3NJ.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\BVFZJZ3J.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\BVFZNRVF.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\BX3SVD8T.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\C0C80WC0.exe
2015-08-15 03:01 - 2015-08-15 03:01 - 1415680 _____ (wj32) C:\Program Files\C5YRKD6S.exe
2015-08-14 00:56 - 2015-08-14 00:56 - 1415680 _____ (wj32) C:\Program Files\CEDCBACJ.exe
2015-08-14 15:28 - 2015-08-14 15:28 - 1415680 _____ (wj32) C:\Program Files\CEGIKMO2.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\CKU8J2JH.exe
2015-07-26 00:35 - 2015-07-26 00:35 - 1415680 _____ (wj32) C:\Program Files\CVX2BZBI.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\CWG0K0G0.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\CWG0K4C0.exe
2015-09-10 03:12 - 2015-09-10 03:12 - 1415680 _____ (wj32) C:\Program Files\CWG0K4G0.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\CWG0K4O0.exe
2015-09-08 00:47 - 2015-09-17 19:25 - 1415680 _____ (wj32) C:\Program Files\CWG0K4OC.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\CWG0KG8O.exe
2015-08-14 02:05 - 2015-08-14 02:05 - 1415680 _____ (wj32) C:\Program Files\CWG0WSWO.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\CWGWKKS8.exe
2015-09-08 00:48 - 2015-09-08 00:48 - 1415680 _____ (wj32) C:\Program Files\D15LR7RN.exe
2015-09-21 01:01 - 2015-09-21 01:01 - 1415680 _____ (wj32) C:\Program Files\D1HDL9P5.exe
2015-08-11 19:27 - 2015-08-11 19:31 - 1415680 _____ (wj32) C:\Program Files\D9D9PLP9.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\DCEDCB3N.exe
2015-09-09 11:56 - 2015-09-09 11:56 - 1415680 _____ (wj32) C:\Program Files\DF79B058.exe
2015-08-17 17:13 - 2015-08-17 17:13 - 1415680 _____ (wj32) C:\Program Files\DFHJLNP3.exe
2015-08-11 20:46 - 2015-08-11 20:46 - 1415680 _____ (wj32) C:\Program Files\DFHJLNPI.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\DTVXHF5T.exe
2015-09-05 03:00 - 2015-09-05 03:00 - 1415680 _____ (wj32) C:\Program Files\DXDXH1L1.exe
2015-09-26 01:51 - 2015-09-26 01:51 - 1415680 _____ (wj32) C:\Program Files\DXH1BVCV.exe
2015-09-24 01:52 - 2015-09-24 01:52 - 1415680 _____ (wj32) C:\Program Files\DXH1L1D5.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\DXH1L1HX.exe
2015-08-11 20:43 - 2015-08-11 20:43 - 1415680 _____ (wj32) C:\Program Files\DXH1L5LX.exe
2015-09-24 01:33 - 2015-09-24 01:33 - 1415680 _____ (wj32) C:\Program Files\DXH1L5P9.exe
2015-07-31 15:16 - 2015-07-31 15:16 - 1415680 _____ (wj32) C:\Program Files\DXTDX4CJ.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\DZJXFVDN.exe
2015-08-14 02:06 - 2015-08-14 02:06 - 1415680 _____ (wj32) C:\Program Files\E3AU4RBI.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\EGIKMO3Y.exe
2015-09-16 22:31 - 2015-09-16 22:31 - 1415680 _____ (wj32) C:\Program Files\EGIKMOHB.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\EUEYI2MA.exe
2015-08-11 19:33 - 2015-08-11 20:44 - 1415680 _____ (wj32) C:\Program Files\EYI2I2IY.exe
2015-09-24 03:09 - 2015-09-24 03:09 - 1415680 _____ (wj32) C:\Program Files\EYI2M6KE.exe
2015-08-14 03:00 - 2015-08-14 03:00 - 1415680 _____ (wj32) C:\Program Files\EYI2M6KM.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\EYI2YMUM.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\EYI2YU2M.exe
2015-09-05 03:25 - 2015-09-05 03:25 - 1415680 _____ (wj32) C:\Program Files\FHTV02K1.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\FVFRNBNB.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\FVJH5LD9.exe
2015-09-08 00:48 - 2015-09-08 00:48 - 1415680 _____ (wj32) C:\Program Files\FXVDBFVH.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\FZFZJ3BZ.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\FZJ3J3JB.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\FZJ3N7N3.exe
2015-08-11 20:43 - 2015-08-11 20:43 - 1415680 _____ (wj32) C:\Program Files\G0K40OWO.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\G0K40WWK.exe
2015-09-24 03:23 - 2015-09-24 03:23 - 1415680 _____ (wj32) C:\Program Files\G0K4O8K4.exe
2015-08-18 22:01 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\G0K4O8SG.exe
2015-08-14 01:30 - 2015-08-14 01:30 - 1415680 _____ (wj32) C:\Program Files\G0K4OKGW.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\G0K4SOWC.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\G0K4SWSG.exe
2015-07-03 23:27 - 2015-07-03 23:27 - 1415680 _____ (wj32) C:\Program Files\GC08OKGW.exe
2015-07-03 16:43 - 2015-07-03 16:43 - 1415680 _____ (wj32) C:\Program Files\GFEDFEGT.exe
2015-09-24 01:52 - 2015-09-24 01:52 - 1415680 _____ (wj32) C:\Program Files\GMMCIAMI.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\GP1RA09H.exe
2015-07-26 00:35 - 2015-07-26 00:35 - 1415680 _____ (wj32) C:\Program Files\H1L1L5L5.exe
2015-08-18 22:01 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\H1L5P9P5.exe
2015-08-14 00:56 - 2015-08-14 00:56 - 1415680 _____ (wj32) C:\Program Files\H4MK1JUC.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\H4SG3RSA.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\H59D15HT.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\HFIX4HOR.exe
2015-08-14 02:07 - 2015-08-14 02:07 - 1415680 _____ (wj32) C:\Program Files\HJLNPRT7.exe
2015-09-16 13:13 - 2015-09-16 13:13 - 1415680 _____ (wj32) C:\Program Files\HP9PLPPP.exe
2015-07-03 15:21 - 2015-07-03 15:21 - 1415680 _____ (wj32) C:\Program Files\HPLTH51X.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\HS6HWKNO.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\HXH1L5L5.exe
2015-08-11 23:14 - 2015-08-11 23:14 - 1415680 _____ (wj32) C:\Program Files\HXH1L5LX.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\HXH1XT1P.exe
2015-08-14 02:19 - 2015-09-24 02:38 - 1415680 _____ (wj32) C:\Program Files\I2I2M6K2.exe
2015-08-24 03:00 - 2015-08-24 03:00 - 1415680 _____ (wj32) C:\Program Files\I2M2M6KI.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\I2M6K6KI.exe
2015-08-11 19:31 - 2015-08-11 19:31 - 1415680 _____ (wj32) C:\Program Files\I2M6KAAM.exe
2015-08-11 19:32 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\I2M6KAUE.exe
2015-09-10 03:34 - 2015-09-23 13:29 - 1415680 _____ (wj32) C:\Program Files\I2M6KAUI.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\I2M6M6IA.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\I2M6M6KE.exe
2015-09-23 13:29 - 2015-09-23 13:29 - 1415680 _____ (wj32) C:\Program Files\I2M6M6KI.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\IHGFEGIV.exe
2015-08-15 03:01 - 2015-08-15 03:01 - 1415680 _____ (wj32) C:\Program Files\IKMO3564.exe
2015-08-17 17:13 - 2015-08-17 17:13 - 1415680 _____ (wj32) C:\Program Files\IKMOKSUT.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\IKMOKSUW.exe
2015-07-29 16:01 - 2015-07-29 16:01 - 1415680 _____ (wj32) C:\Program Files\IKZ13575.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\IR6F1H1G.exe
2015-09-24 03:23 - 2015-09-24 03:23 - 1415680 _____ (wj32) C:\Program Files\IXZ135G2.exe
2015-09-17 02:47 - 2015-09-17 02:47 - 1415680 _____ (wj32) C:\Program Files\J3DNXHLT.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\J3N3N7RJ.exe
2015-07-26 00:33 - 2015-07-26 00:33 - 1415680 _____ (wj32) C:\Program Files\J3N73Z3R.exe
2015-09-11 23:50 - 2015-09-11 23:50 - 1415680 _____ (wj32) C:\Program Files\J3N73Z7N.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\J3N7RBN7.exe
2015-08-14 01:30 - 2015-08-14 01:30 - 1415680 _____ (wj32) C:\Program Files\J3N7RBVB.exe
2015-08-14 00:56 - 2015-08-14 00:56 - 1415680 _____ (wj32) C:\Program Files\J5KZEWWO.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\JECEKL9A.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\JGPW05YE.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\JIKJIHMW.exe
2015-06-30 16:45 - 2015-06-30 16:45 - 1415680 _____ (wj32) C:\Program Files\JL026KG5.exe
2015-06-30 16:45 - 2015-06-30 16:45 - 1415680 _____ (wj32) C:\Program Files\JLNPR61Z.exe
2015-08-14 02:05 - 2015-08-14 02:05 - 1415680 _____ (wj32) C:\Program Files\JZJ3N73V.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\JZJ3N7J7.exe
2015-08-19 03:00 - 2015-08-19 03:00 - 1415680 _____ (wj32) C:\Program Files\K0K4O8SC.exe
2015-08-14 01:41 - 2015-08-14 01:41 - 1415680 _____ (wj32) C:\Program Files\K4K4084S.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\K4K4O8OC.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\K4K4O8S4.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\K4K4O8SG.exe
2015-09-24 01:32 - 2015-09-24 01:32 - 1415680 _____ (wj32) C:\Program Files\K4O4O8KC.exe
2015-09-11 23:50 - 2015-09-11 23:50 - 1415680 _____ (wj32) C:\Program Files\K4O4O8SO.exe
2015-08-18 03:00 - 2015-08-18 03:00 - 1415680 _____ (wj32) C:\Program Files\K4O8O8W8.exe
2015-09-16 13:13 - 2015-09-16 13:13 - 1415680 _____ (wj32) C:\Program Files\K4O8SCS4.exe
2015-08-11 20:44 - 2015-08-11 20:44 - 1415680 _____ (wj32) C:\Program Files\K4O8SGC0.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\K4O8W04O.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\K4OWWKSG.exe
2015-09-05 03:00 - 2015-09-05 03:00 - 1415680 _____ (wj32) C:\Program Files\KAKAUEKA.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\KAUAUEEK.exe
2015-09-09 16:28 - 2015-09-09 16:28 - 1415680 _____ (wj32) C:\Program Files\KAUEYI2K.exe
2015-09-24 02:38 - 2015-09-24 02:38 - 1415680 _____ (wj32) C:\Program Files\KAUEYI6I.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\KAUEYIMA.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\KAUEYIYM.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\KGI1DHCU.exe
2015-08-11 20:46 - 2015-08-11 20:46 - 1415680 _____ (wj32) C:\Program Files\KMOKSU57.exe
2015-08-14 15:28 - 2015-08-14 15:28 - 1415680 _____ (wj32) C:\Program Files\KMOKSUWV.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\KOVL1FC5.exe
2015-09-24 01:38 - 2015-09-24 01:38 - 1415680 _____ (wj32) C:\Program Files\KPONMOKC.exe
2015-09-16 22:32 - 2015-09-16 22:32 - 1415680 _____ (wj32) C:\Program Files\KSUWBDEL.exe
2015-08-14 02:07 - 2015-08-14 02:07 - 1415680 _____ (wj32) C:\Program Files\KSUWBDFA.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\L1L5P9T9.exe
2015-09-15 23:02 - 2015-09-15 23:02 - 1415680 _____ (wj32) C:\Program Files\L1L5P9TD.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\L5P5P9LH.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\L5P9519T.exe
2015-08-11 23:14 - 2015-08-11 23:14 - 1415680 _____ (wj32) C:\Program Files\L5P9TDPD.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\L5P9TDPH.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\L5P9TDXD.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\LCE5XURU.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\LJ91ZXBF.exe
2015-07-31 15:16 - 2015-07-31 15:16 - 1415680 _____ (wj32) C:\Program Files\LNP468OV.exe
2015-09-24 03:23 - 2015-09-24 03:23 - 1415680 _____ (wj32) C:\Program Files\LNPR8CWA.exe
2015-09-24 03:23 - 2015-09-24 03:23 - 1415680 _____ (wj32) C:\Program Files\LNPRTVXS.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\LNPRTVXW.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\M6K6KAKE.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\M6KA6U2U.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\M6KAUEUI.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\M6KAYUUM.exe
2015-09-24 01:33 - 2015-09-24 01:33 - 1415680 _____ (wj32) C:\Program Files\M6M6KAU6.exe
2015-08-16 22:40 - 2015-08-16 22:40 - 1415680 _____ (wj32) C:\Program Files\M6M6KAUI.exe
2015-07-30 15:30 - 2015-07-30 15:30 - 1415680 _____ (wj32) C:\Program Files\MIBRTBML.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\MLNMLKCW.exe
2015-07-26 00:36 - 2015-07-26 00:36 - 1415680 _____ (wj32) C:\Program Files\MLNMLKP3.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\MW6K0AUO.exe
2015-09-10 03:34 - 2015-09-10 03:34 - 1415680 _____ (wj32) C:\Program Files\N3N7RBV7.exe
2015-09-05 03:25 - 2015-09-05 03:25 - 1415680 _____ (wj32) C:\Program Files\N7N7RBNB.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\N7N7V3ZN.exe
2015-07-26 00:36 - 2015-07-26 00:36 - 1415680 _____ (wj32) C:\Program Files\N7R7RBRF.exe
2015-08-14 01:54 - 2015-08-14 01:54 - 1415680 _____ (wj32) C:\Program Files\N7R7RBVF.exe
2015-08-14 01:53 - 2015-09-11 23:50 - 1415680 _____ (wj32) C:\Program Files\N7RBRBVN.exe
2015-09-24 01:50 - 2015-09-24 01:50 - 1415680 _____ (wj32) C:\Program Files\N7RBVFZB.exe
2015-09-24 02:43 - 2015-09-24 02:43 - 1415680 _____ (wj32) C:\Program Files\NMLKMLK4.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\NT5X99XZ.exe
2015-08-11 23:14 - 2015-08-11 23:14 - 1415680 _____ (wj32) C:\Program Files\O8O8SCWW.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\O8S8SCWO.exe
2015-09-24 01:33 - 2015-09-24 01:33 - 1415680 _____ (wj32) C:\Program Files\O8SCSCOG.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\O8SCWCWO.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\O8SCWGK8.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\O8SCWGOC.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\OKPONMR4.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\ONMLNML5.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\OVS53A3K.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\P1T2KJ25.exe
2015-08-12 20:24 - 2015-08-12 20:24 - 1415680 _____ (wj32) C:\Program Files\P9P9TDT5.exe
2015-09-24 01:33 - 2015-09-24 01:33 - 1415680 _____ (wj32) C:\Program Files\P9T9TDXP.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\P9TD1591.exe
2015-07-03 16:44 - 2015-07-03 16:44 - 1415680 _____ (wj32) C:\Program Files\P9TD1XXP.exe
2015-08-14 02:05 - 2015-08-14 02:05 - 1415680 _____ (wj32) C:\Program Files\P9TDXH11.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\POKPYHAU.exe
2015-09-16 22:31 - 2015-09-16 22:31 - 1415680 _____ (wj32) C:\Program Files\PRTVXZ10.exe
2015-07-31 15:16 - 2015-07-31 15:16 - 1415680 _____ (wj32) C:\Program Files\PRTVXZSC.exe
2015-08-14 00:56 - 2015-08-14 00:56 - 1415680 _____ (wj32) C:\Program Files\R0CO4NSM.exe
2015-07-30 15:30 - 2015-07-30 15:30 - 1415680 _____ (wj32) C:\Program Files\R14BLIFC.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\R35A6KF7.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\R3JPPNPL.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\R68ACEGU.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\R7RBVFVB.exe
2015-09-04 21:05 - 2015-09-04 21:05 - 1415680 _____ (wj32) C:\Program Files\R7RBVFVJ.exe
2015-08-11 19:33 - 2015-09-09 16:28 - 1415680 _____ (wj32) C:\Program Files\RBV73Z3V.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\RBVFZFVN.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\RBVFZJZB.exe
2015-09-05 03:25 - 2015-09-05 03:25 - 1415680 _____ (wj32) C:\Program Files\RF1JNB9H.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\RKSK0J9K.exe
2015-09-10 03:34 - 2015-09-10 03:34 - 1415680 _____ (wj32) C:\Program Files\RNJV3N7B.exe
2015-07-06 22:23 - 2015-07-06 22:23 - 1415680 _____ (wj32) C:\Program Files\RTVXBS8A.exe
2015-08-01 16:55 - 2015-08-01 16:55 - 1415680 _____ (wj32) C:\Program Files\RTVXZ1HY.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\RY0DK7P7.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\S8SCWG0K.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\SCWG0WS8.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\SCWG40G4.exe
2015-08-14 01:53 - 2015-08-14 01:53 - 1415680 _____ (wj32) C:\Program Files\SCWG48CW.exe
2015-09-17 02:47 - 2015-09-17 02:47 - 1415680 _____ (wj32) C:\Program Files\SCWGC8C4.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\SCWGW8KW.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\SD3ES6KU.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\SDM8B310.exe
2015-08-11 19:31 - 2015-08-11 19:31 - 1415680 _____ (wj32) C:\Program Files\SFR3K2FD.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\SRKI1KK1.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\SRTSRKL5.exe
2015-09-26 01:54 - 2015-09-26 01:54 - 1415680 _____ (wj32) C:\Program Files\SU9BDFH6.exe
2015-08-14 02:06 - 2015-08-14 02:06 - 1415680 _____ (wj32) C:\Program Files\SUWYDFDB.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\TDTDXH1D.exe
2015-08-14 01:50 - 2015-08-19 03:00 - 1415680 _____ (wj32) C:\Program Files\TDTDXH1T.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\TDXDXH1P.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\TDXDXHPD.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\TDXH1HXH.exe
2015-09-24 01:33 - 2015-09-24 01:33 - 1415680 _____ (wj32) C:\Program Files\TDXH1L5X.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\TDXH1LXH.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\TDXH519L.exe
2015-08-14 01:53 - 2015-08-14 01:53 - 1415680 _____ (wj32) C:\Program Files\TDXH59DT.exe
2015-08-18 13:33 - 2015-08-18 13:33 - 1415680 _____ (wj32) C:\Program Files\TJC5VOHJ.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\TJGDW8WI.exe
2015-08-17 17:13 - 2015-08-17 17:13 - 1415680 _____ (wj32) C:\Program Files\TVACEGUO.exe
2015-08-14 15:28 - 2015-08-14 15:28 - 1415680 _____ (wj32) C:\Program Files\TVXCEGKO.exe
2015-08-11 20:46 - 2015-08-11 20:46 - 1415680 _____ (wj32) C:\Program Files\TVXZ13B9.exe
2015-08-14 00:56 - 2015-08-14 00:56 - 1415680 _____ (wj32) C:\Program Files\U38AMTKS.exe
2015-08-17 17:13 - 2015-08-17 17:13 - 1415680 _____ (wj32) C:\Program Files\U9BDFHJH.exe
2015-09-24 03:09 - 2015-09-24 03:09 - 1415680 _____ (wj32) C:\Program Files\UAUEYI2E.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\UEEG8V09.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\UEYA626U.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\UEYI2IYK.exe
2015-09-26 02:50 - 2015-09-26 02:50 - 1415680 _____ (wj32) C:\Program Files\UEYI6AIY.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\UWVUTSUE.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\V49INCVD.exe
2015-09-05 03:25 - 2015-09-05 03:25 - 1415680 _____ (wj32) C:\Program Files\V5F97HBH.exe
2015-08-18 13:33 - 2015-08-18 13:33 - 1415680 _____ (wj32) C:\Program Files\VFPZ9T31.exe
2015-09-24 01:32 - 2015-09-24 01:32 - 1415680 _____ (wj32) C:\Program Files\VFVF3BFV.exe
2015-08-14 01:54 - 2015-08-14 01:54 - 1415680 _____ (wj32) C:\Program Files\VFZB737Z.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\VFZJ3N7J.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\VFZJZJVJ.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\VH3OGLKX.exe
2015-09-11 20:22 - 2015-09-11 20:22 - 1415680 _____ (wj32) C:\Program Files\VXZ13575.exe
2015-08-16 22:41 - 2015-08-16 22:41 - 1415680 _____ (wj32) C:\Program Files\W41OKX92.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\WCWG0K0K.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\WG0C8480.exe
2015-09-26 01:55 - 2015-09-26 01:55 - 1415680 _____ (wj32) C:\Program Files\WG0K0K40.exe
2015-07-03 23:28 - 2015-07-03 23:28 - 1415680 _____ (wj32) C:\Program Files\WG0K4O4K.exe
2015-08-11 19:36 - 2015-08-11 19:36 - 1415680 _____ (wj32) C:\Program Files\WG0K4O4O.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\WG0K4OCO.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\WG0K8CG0.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\WSC8W8S8.exe
2015-08-14 02:07 - 2015-08-14 02:07 - 1415680 _____ (wj32) C:\Program Files\WYDFHJUG.exe
2015-08-14 01:55 - 2015-08-14 01:55 - 1415680 _____ (wj32) C:\Program Files\WYW7JSBT.exe
2015-07-21 14:22 - 2015-07-21 14:22 - 1415680 _____ (wj32) C:\Program Files\X2OK6L58.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\XDXH1L51.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\XEPK4FAT.exe
2015-08-13 03:01 - 2015-08-13 03:01 - 1415680 _____ (wj32) C:\Program Files\XH1L1L55.exe
2015-09-24 01:32 - 2015-09-24 01:32 - 1415680 _____ (wj32) C:\Program Files\XH1L5P5T.exe
2015-09-11 23:50 - 2015-09-11 23:50 - 1415680 _____ (wj32) C:\Program Files\XH1L5PDP.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\XHX9519X.exe
2015-08-18 22:01 - 2015-08-18 22:01 - 1415680 _____ (wj32) C:\Program Files\XHXHDLP5.exe
2015-09-24 01:52 - 2015-09-24 01:52 - 1415680 _____ (wj32) C:\Program Files\XRDDHD35.exe
2015-08-14 02:19 - 2015-08-14 02:19 - 1415680 _____ (wj32) C:\Program Files\XWVX6WMZ.exe
2015-09-10 03:34 - 2015-09-10 03:34 - 1415680 _____ (wj32) C:\Program Files\XWVXWVUD.exe
2015-09-09 04:14 - 2015-09-09 04:14 - 1415680 _____ (wj32) C:\Program Files\XZ135798.exe
2015-09-16 22:32 - 2015-09-16 22:32 - 1415680 _____ (wj32) C:\Program Files\XZ1357M8.exe
2015-08-14 02:07 - 2015-08-14 02:07 - 1415680 _____ (wj32) C:\Program Files\Y02468NI.exe
2015-08-11 20:39 - 2015-08-11 20:39 - 1415680 _____ (wj32) C:\Program Files\Y8S2K044.exe
2015-09-24 02:51 - 2015-09-24 02:51 - 1415680 _____ (wj32) C:\Program Files\YHCVL8K1.exe
2015-09-24 01:52 - 2015-09-24 01:52 - 1415680 _____ (wj32) C:\Program Files\YI2EA6A2.exe
2015-09-24 01:52 - 2015-09-24 01:52 - 1415680 _____ (wj32) C:\Program Files\YI2M2MYM.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\YI2M6K6I.exe
2015-07-26 00:34 - 2015-07-26 00:34 - 1415680 _____ (wj32) C:\Program Files\YI2M6KYI.exe
2015-09-24 01:32 - 2015-09-24 01:32 - 1415680 _____ (wj32) C:\Program Files\YI2M6KYK.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\YI2M6M2U.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\YI2MAEI2.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\YKIA2KOU.exe
2015-08-14 01:52 - 2015-08-14 01:52 - 1415680 _____ (wj32) C:\Program Files\YM5E4ZNJ.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\YXWVXWYF.exe
2015-08-14 02:07 - 2015-08-14 02:07 - 1415680 _____ (wj32) C:\Program Files\Z13579BA.exe
2015-08-14 00:59 - 2015-08-14 00:59 - 1415680 _____ (wj32) C:\Program Files\Z7J07AH0.exe
2015-08-11 19:32 - 2015-08-11 19:32 - 1415680 _____ (wj32) C:\Program Files\ZFZB7V7V.exe
2015-08-14 02:10 - 2015-08-14 02:10 - 1415680 _____ (wj32) C:\Program Files\ZFZJ3NBZ.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\ZFZJ3RN7.exe
2015-09-10 03:34 - 2015-09-10 03:34 - 1415680 _____ (wj32) C:\Program Files\ZIPM57LL.exe
2015-08-11 19:33 - 2015-08-11 19:33 - 1415680 _____ (wj32) C:\Program Files\ZJ3N7R7N.exe
2015-08-11 19:32 - 2015-09-24 01:38 - 1415680 _____ (wj32) C:\Program Files\ZJ3N7R7R.exe
2015-08-19 03:00 - 2015-08-19 03:00 - 1415680 _____ (wj32) C:\Program Files\ZJ3N7RZR.exe
2015-08-14 00:56 - 2015-08-14 00:56 - 1415680 _____ (wj32) C:\Program Files\ZJ3NBFN3.exe
2016-11-22 01:04 - 2016-11-22 01:04 - 0000000 ____H () C:\Users\HP\AppData\Local\BIT25F3.tmp
2011-04-12 23:50 - 2011-07-31 11:08 - 0006144 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 22:50 - 2015-07-12 12:55 - 0005098 _____ () C:\Users\HP\AppData\Local\mbt-actwiz.log
2017-02-06 22:18 - 2017-02-06 22:18 - 0000017 _____ () C:\Users\HP\AppData\Local\resmon.resmoncfg
2016-11-22 01:04 - 2016-11-22 01:04 - 0000000 _____ () C:\Users\HP\AppData\Local\{40416124-5CD1-4AA9-B75F-AEF1ED1920B2}
2011-01-16 20:58 - 2011-01-16 20:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2016-03-17 19:17 - 2016-03-17 19:17 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

ZeroAccess:
C:\Windows\Installer\{f28d0201-9fbb-e66d-0f67-81abc29b99df}
C:\Windows\Installer\{f28d0201-9fbb-e66d-0f67-81abc29b99df}\L\00000004.@

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-12 18:35

==================== End of FRST.txt ============================

Addition.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted
Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan Scan within Archives are both on.... Leave all other settings to default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your next reply, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites
star240

star240

Posted
  • Author
Posted

applied step 1 the fixlog.txt file is attached with this post

but again the computer crashed when I ran a scan with Malware bytes are scanning 40,000 files as always. The fan made a lot of noise and then the computer shut down. The same happens when I run Microsoft security essentials scan. I have deleted security essentials days back. should I activate Wndows defender? and is my previous data safe from these scans? how do I proceed?

Fixlog.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Yes you have nasty ZeroAccess infection, this infection also attracts and installs other malicous entries. It will also change some service settings.. Run FRST again as follows please;

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Next, also this please:

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:
 
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Let me see those logs...

Thank you,

Kevin...

Link to post
Share on other sites
star240

star240

Posted
  • Author
Posted

hi here is the Farbar service scanner file text while the FRST and ADDITION files are attached.

 

Farbar Service Scanner Version: 27-01-2016
Ran by HP (administrator) on 08-02-2017 at 00:45:50
Running from "C:\Users\HP\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Policy: 
========================


Action Center:
============

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

FRST.txt

Addition.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted
user posted image
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)
 
  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
    user posted image
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

    user posted image
     
  • Press start scan
  • The scan will now commence

    user posted image

     
  • Once the scan has finished click open report <<<--- Do not miss this step

    user posted image

     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop


This log will be excessive, Please attach it to your next reply…

 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

The temps maybe related to the infection, main problem will not be fixed after just running DrWeb. There are definite service issues, either missing or exploited. The type of infection you have is very unpredicatable, it really depends how long it was active on your system before any type of fix was tried. The longer it runs unchecked the more problems happen...

Why do you ask, are you contemplating a reinstall...?

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Are there any error codes when the system crashes...? Are there any files in this folder C:\Windows\Minidump if so zip and attach that folder...

I`ve attached 3 zip files, download and unzip each one to your Desktop. You will then have 3 registry files IP_helper.reg, Security_Center.reg and Windows_Firewall.reg

Double click on each ,reg file in turn, agree any alerts or merges. Re-boot when complete....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Next,

Run FSS tool again....

Make sure the following options are checked:
 
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

IP_Helper.zip

Security_Center.zip

Windows_Firewall.zip

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

user posted image

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmarck "Select All" box. When ready select "Start Repairs" tab....

user posted image

When complete re-boot your system, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan Scan within Archives are both on.... Leave all other settings to default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

fixlist.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Run the following and post its log...

Please download VEW by Vino Rosso from HERE and save it to your Desktop.
 
  • Double-click VEW.exe. to start, Vista and Windows 7/8 users Right Click and select "Run as Administrator"
  • Under 'Select log to query...check the boxes for both Application and System.
  • Under 'Select type to list... select both Error and Critical.
  • Click the radio button for 'Number of events...Type 15 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.



Please post the Output log in your next reply.

Thank you,

Kevin....

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.