TechSpot

Newbie with DOS/Rovnix.V virus

Solved
By Roger8118
Dec 22, 2013
  1. Please forgive me if I am not doing this correctly. I am trying to follow the posted instructions. I tried Windows Defender Offline/AVG/YAC to no avail. Thanks in advance for anyone that can help me.

    Roger


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.12.21.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Phantom :: PHANTOM-PC [administrator]
    12/21/2013 4:47:26 PM
    MBAM-log-2013-12-21 (16-59-48).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 293478
    Time elapsed: 11 minute(s), 46 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 1
    C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
    Registry Keys Detected: 10
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> No action taken.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
    HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
    HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.
    HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.
    HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
    Registry Values Detected: 6
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> No action taken.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> No action taken.
    HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> No action taken.
    HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> No action taken.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 6
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338 (PUP.Optional.MySearchDial.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
    Files Detected: 11
    C:\ProgramData\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\62.ico (PUP.Optional.MySearchDial.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\80.ico (PUP.Optional.MySearchDial.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
    C:\Users\Phantom\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
    (end)


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/20/2010 9:52:23 PM
    System Uptime: 12/21/2013 3:27:40 PM (7 hours ago)
    .
    Motherboard: MSI | | MSI X58 Pro-E (MS-7522)
    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | CPU 1 | 2514/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1397 GiB total, 765.101 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 6500 E709n
    Device ID: ROOT\IMAGE\0001
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\IMAGE\0001
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP532: 12/19/2013 10:15:11 PM - avast! antivirus system restore point
    RP533: 12/19/2013 10:26:05 PM - avast! antivirus system restore point
    RP534: 12/19/2013 11:32:48 PM - avast! antivirus system restore point
    RP535: 12/20/2013 3:20:31 PM - AA11
    RP536: 12/20/2013 3:35:56 PM - Installed AVG 2014
    RP537: 12/20/2013 3:36:25 PM - Installed AVG 2014
    RP538: 12/20/2013 8:45:20 PM - Removed 7-Zip 9.21
    RP539: 12/20/2013 8:52:02 PM - Removed AVG 2014
    RP540: 12/20/2013 9:02:25 PM - Removed AVG 2014
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    [​IMG] Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.

    [​IMG] I still need DDS.txt log.
     
  3. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    I rescanned and checked and deleted all Items. I then ran a scan with DDS.com and it makes the attach.txt but not the DDs.txt, I don't know what I am doing wrong. Deleted and redownloaded but didn't help.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.12.21.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Phantom :: PHANTOM-PC [administrator]
    12/22/2013 5:54:23 PM
    mbam-log-2013-12-22 (17-54-23).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 340641
    Time elapsed: 32 minute(s), 12 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 1
    C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
    Registry Keys Detected: 10
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    Registry Values Detected: 6
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
    HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> Quarantined and deleted successfully.
    HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 6
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    Files Detected: 11
    C:\ProgramData\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Phantom\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    (end)
    .

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/20/2010 9:52:23 PM
    System Uptime: 12/22/2013 9:37:41 PM (1 hours ago)
    .
    Motherboard: MSI | | MSI X58 Pro-E (MS-7522)
    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | CPU 1 | 3067/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1397 GiB total, 763.629 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 6500 E709n
    Device ID: ROOT\IMAGE\0001
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\IMAGE\0001
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP532: 12/19/2013 10:15:11 PM - avast! antivirus system restore point
    RP533: 12/19/2013 10:26:05 PM - avast! antivirus system restore point
    RP534: 12/19/2013 11:32:48 PM - avast! antivirus system restore point
    RP535: 12/20/2013 3:20:31 PM - AA11
    RP536: 12/20/2013 3:35:56 PM - Installed AVG 2014
    RP537: 12/20/2013 3:36:25 PM - Installed AVG 2014
    RP538: 12/20/2013 8:45:20 PM - Removed 7-Zip 9.21
    RP539: 12/20/2013 8:52:02 PM - Removed AVG 2014
    RP540: 12/20/2013 9:02:25 PM - Removed AVG 2014
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  5. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
    Ran by Phantom (administrator) on PHANTOM-PC on 23-12-2013 22:47:44
    Running from C:\Users\Phantom\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
    HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
    HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-24] (Google Inc.)
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll ATTENTION! ====> ZeroAccess?
    HKCU\...\Policies\system: [NoSecCPL] 0
    HKCU\...\Policies\system: [NoDispCPL] 0
    HKCU\...\Policies\system: [NoDispBackgroundPage] 0
    HKCU\...\Policies\system: [NoDispScrSavPage] 0
    HKCU\...\Policies\system: [NoDispAppearancePage] 0
    HKCU\...\Policies\system: [NoDispSettingsPage] 0
    HKCU\...\Policies\system: [NoDevMgrPage] 0
    HKCU\...\Policies\system: [NoConfigPage] 0
    HKCU\...\Policies\system: [NoVirtMemPage] 0
    HKCU\...\Policies\system: [NoFileSysPage] 0
    HKCU\...\Policies\system: [NoNetSetup] 0
    HKCU\...\Policies\system: [NoNetSetupIDPage] 0
    HKCU\...\Policies\system: [NoNetSetupSecurityPage] 0
    HKCU\...\Policies\system: [NoWorkgroupContents] 0
    HKCU\...\Policies\system: [NoEntireNetwork] 0
    HKCU\...\Policies\system: [NoFileSharingControl] 0
    HKCU\...\Policies\Explorer: [NoThumbnailCache] 0
    HKCU\...\Policies\Explorer: [NoSaveSettings] 0
    HKCU\...\Policies\Explorer: [NoFolderOptions] 0x00000000
    HKCU\...\Policies\Explorer: [RestrictRun] 0
    HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    MountPoints2: F - F:\LaunchU3.exe -a
    MountPoints2: {2ed51819-0496-11e0-acec-406186cbf8a7} - E:\LaunchU3.exe -a
    MountPoints2: {b93aba28-3b24-11e2-90c3-406186cbf8a7} - E:\autorunner.exe "John Deere New Products 2012.exe"
    MountPoints2: {e4f56448-7f53-11e1-84ab-406186cbf8a7} - E:\MotoCastSetup.exe -a
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12D03BCF7226CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={6CAF0C1E-DE19-11E2-9493-406186CBF8A7}
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
    SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/...1-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q...-9493-406186CBF8A7}&crg=3.5000006.10042&st=23
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    Toolbar: HKLM-x32 - No Name - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {01025D1C-BB03-4369-8344-732CD0DCCCF0} http://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
    DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.159.193.40 24.205.224.36
    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
    FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    ==================== Services (Whitelisted) =================
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-11-21] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
    ==================== Drivers (Whitelisted) ====================
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-05-01] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S4 Ntfddmkm; No ImagePath
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-14] ()
    S3 cpuz134; \??\C:\Users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    U0 helpsvc;
    U0 ImapiService;
    U0 Irmon;
    U0 Messenger;
    U0 srservice;
    U0 UPS;
    U0 WinDHCPsvc;
    U0 WZCSVC;
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-12-23 22:47 - 2013-12-23 22:48 - 00014535 _____ C:\Users\Phantom\Downloads\FRST.txt
    2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Downloads\FRST64.exe
    2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
    2013-12-23 22:04 - 2013-12-23 22:08 - 00001751 _____ C:\Users\Phantom\Desktop\attach.txt
    2013-12-23 22:02 - 2013-12-23 22:03 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
    2013-12-22 13:23 - 2013-12-22 18:34 - 00004840 _____ C:\Windows\PFRO.log
    2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-12-21 16:46 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
    2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
    2013-12-21 14:25 - 2013-12-23 12:56 - 00001176 _____ C:\Windows\setupact.log
    2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
    2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
    2013-12-20 22:40 - 2013-12-23 22:43 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
    2013-12-20 22:40 - 2013-12-22 21:37 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
    2013-12-20 22:40 - 2013-12-20 22:45 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
    2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
    2013-12-20 22:38 - 2013-12-23 22:43 - 00000000 ____D C:\Program Files (x86)\Mobogenie
    2013-12-20 22:38 - 2013-12-21 16:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
    2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
    2013-12-20 15:41 - 2013-12-21 00:18 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
    2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
    2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
    2013-12-20 15:37 - 2013-12-20 21:05 - 00000000 ____D C:\ProgramData\AVG2014
    2013-12-20 15:36 - 2013-12-21 00:17 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-12-20 15:34 - 2013-12-21 00:17 - 00000000 ____D C:\ProgramData\MFAData
    2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
    2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
    2013-12-20 14:35 - 2013-12-20 14:39 - 00000162 _____ C:\Windows\Reimage.ini
    2013-12-20 14:11 - 2013-12-20 14:12 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
    2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-12-19 22:14 - 2013-12-19 23:36 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
    2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
    2013-12-19 15:46 - 2013-12-22 17:58 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
    2013-12-16 03:04 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2013-12-16 03:04 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2013-12-16 03:04 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2013-12-16 03:04 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-12-16 03:03 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-12-16 03:03 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-12-16 03:03 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-12-16 03:03 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-12-16 03:03 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-12-16 03:03 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-12-16 03:03 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-12-16 03:03 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-12-16 03:03 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-12-16 03:03 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-12-16 03:03 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-12-16 03:03 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-12-16 03:03 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-12-16 03:03 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-12-16 03:03 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-12-16 03:03 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-12-16 03:03 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-12-16 03:03 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-12-16 03:03 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-12-16 03:03 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2013-12-16 03:03 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-12-16 03:03 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-12-16 03:03 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-12-16 03:03 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-12-16 03:03 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-12-16 03:03 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-12-16 03:03 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-12-16 03:03 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-12-16 03:03 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-12-16 03:03 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-12-16 03:03 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
    2013-12-15 23:17 - 2013-11-29 10:58 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2013-12-15 23:17 - 2013-11-29 10:58 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2013-12-15 23:16 - 2013-10-30 11:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2013-12-15 23:16 - 2013-10-30 11:02 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2013-12-15 23:16 - 2013-10-30 11:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2013-12-15 23:04 - 2013-11-14 05:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2013-12-15 22:05 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2013-12-15 22:05 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-12-15 22:04 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-12-15 22:04 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2013-12-15 22:04 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2013-12-15 22:04 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
    2013-12-15 22:04 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-12-15 22:04 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2013-12-15 22:04 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2013-12-15 22:04 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2013-12-15 22:04 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2013-12-15 22:03 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2013-12-15 22:03 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2013-12-15 22:03 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
    2013-12-15 22:03 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
    2013-12-15 22:03 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2013-12-15 22:03 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2013-12-15 22:03 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
    2013-12-15 22:03 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
    2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
    ==================== One Month Modified Files and Folders =======
    2013-12-23 22:48 - 2013-12-23 22:47 - 00014535 _____ C:\Users\Phantom\Downloads\FRST.txt
    2013-12-23 22:48 - 2010-11-24 17:59 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Downloads\FRST64.exe
    2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
    2013-12-23 22:43 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
    2013-12-23 22:43 - 2013-12-20 22:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie
    2013-12-23 22:41 - 2011-01-25 14:05 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-12-23 22:40 - 2013-11-14 18:40 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
    2013-12-23 22:36 - 2010-10-29 11:04 - 01131181 _____ C:\Windows\WindowsUpdate.log
    2013-12-23 22:08 - 2013-12-23 22:04 - 00001751 _____ C:\Users\Phantom\Desktop\attach.txt
    2013-12-23 22:03 - 2013-12-23 22:02 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
    2013-12-23 21:52 - 2012-04-01 19:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-23 19:48 - 2010-11-24 17:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-23 13:06 - 2010-11-23 02:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Adobe
    2013-12-23 13:01 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-23 13:01 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-23 12:56 - 2013-12-21 14:25 - 00001176 _____ C:\Windows\setupact.log
    2013-12-23 12:56 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-23 12:55 - 2010-10-29 11:08 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-12-22 22:52 - 2010-12-03 21:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\Deployment
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
    2013-12-22 21:37 - 2013-12-20 22:40 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
    2013-12-22 18:35 - 2009-07-13 23:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-22 18:34 - 2013-12-22 13:23 - 00004840 _____ C:\Windows\PFRO.log
    2013-12-22 18:28 - 2013-11-14 18:40 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\DigitalSite
    2013-12-22 17:58 - 2013-12-19 15:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
    2013-12-22 13:40 - 2013-11-14 19:40 - 00000101 _____ C:\Users\Phantom\AppData\Roaming\WB.CFG
    2013-12-21 23:08 - 2010-11-22 17:05 - 00000000 ____D C:\Users\Phantom\Documents\Roger
    2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-12-21 16:39 - 2013-12-20 22:38 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
    2013-12-21 16:34 - 2013-10-29 00:03 - 00000000 ____D C:\Windows\Minidump
    2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
    2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
    2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
    2013-12-21 00:18 - 2013-12-20 15:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
    2013-12-21 00:18 - 2012-02-21 18:37 - 00000000 ____D C:\Users\UpdatusUser.Phantom-PC
    2013-12-21 00:17 - 2013-12-20 15:36 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-12-21 00:17 - 2013-12-20 15:34 - 00000000 ____D C:\ProgramData\MFAData
    2013-12-21 00:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2013-12-20 23:47 - 2009-07-13 22:45 - 00015360 _____ C:\Windows\system32\umstartup.etl
    2013-12-20 22:45 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
    2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
    2013-12-20 22:40 - 2010-11-20 21:52 - 00000000 ____D C:\Users\Phantom
    2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
    2013-12-20 21:54 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
    2013-12-20 21:05 - 2013-12-20 15:37 - 00000000 ____D C:\ProgramData\AVG2014
    2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
    2013-12-20 20:26 - 2010-11-21 01:55 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-12-20 15:45 - 2013-11-01 12:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\FzgyPack
    2013-12-20 15:43 - 2013-03-25 11:36 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Bitcoin
    2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
    2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
    2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
    2013-12-20 14:39 - 2013-12-20 14:35 - 00000162 _____ C:\Windows\Reimage.ini
    2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
    2013-12-20 14:12 - 2013-12-20 14:11 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
    2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-12-19 23:36 - 2013-12-19 22:14 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-12-19 22:21 - 2010-11-24 17:59 - 00000000 ____D C:\Users\Phantom\AppData\Local\Google
    2013-12-19 22:21 - 2010-11-24 17:58 - 00000000 ____D C:\Program Files (x86)\Google
    2013-12-19 22:08 - 2009-07-13 23:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
    2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
    2013-12-19 00:55 - 2010-11-25 21:06 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2013-12-16 13:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2013-12-16 03:24 - 2012-04-01 19:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-12-16 03:24 - 2012-04-01 19:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-12-16 03:24 - 2011-05-17 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-12-16 03:23 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2013-12-16 03:23 - 2009-07-13 22:45 - 05295112 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-12-16 03:04 - 2010-11-21 01:13 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-12-16 03:02 - 2013-08-15 01:29 - 00000000 ____D C:\Windows\system32\MRT
    2013-12-16 03:01 - 2010-11-21 16:51 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
    2013-12-15 23:17 - 2013-11-14 19:22 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA
    2013-12-15 23:17 - 2010-10-29 11:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-12-05 01:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-11-29 19:43 - 2010-11-24 17:59 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-11-29 19:43 - 2010-11-24 17:59 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-11-29 10:58 - 2013-12-15 23:17 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2013-11-29 10:58 - 2013-12-15 23:17 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
    2013-11-26 05:54 - 2013-12-16 03:03 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-26 04:19 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-26 04:18 - 2013-12-16 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-11-26 04:11 - 2013-12-16 03:03 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-11-26 03:48 - 2013-12-16 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-26 03:46 - 2013-12-16 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-11-26 03:41 - 2013-12-16 03:03 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-26 03:29 - 2013-12-16 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-26 03:27 - 2013-12-16 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-26 03:23 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-11-26 03:21 - 2013-12-16 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-26 03:18 - 2013-12-16 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-11-26 03:18 - 2013-12-16 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-11-26 03:16 - 2013-12-16 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-11-26 02:57 - 2013-12-16 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-26 02:38 - 2013-12-16 03:03 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-11-26 02:38 - 2013-12-16 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-11-26 02:35 - 2013-12-16 03:03 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-26 02:32 - 2013-12-16 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-11-26 02:28 - 2013-12-16 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2013-11-26 02:16 - 2013-12-16 03:03 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-11-26 02:02 - 2013-12-16 03:03 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-11-26 01:48 - 2013-12-16 03:03 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-26 01:32 - 2013-12-16 03:03 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-11-26 01:26 - 2013-12-16 03:03 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-11-26 01:07 - 2013-12-16 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-26 00:40 - 2013-12-16 03:03 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-26 00:34 - 2013-12-16 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-11-26 00:34 - 2013-12-16 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-11-26 00:33 - 2013-12-16 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-11-26 00:27 - 2013-12-16 03:03 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-11-23 12:26 - 2013-12-15 22:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-11-23 11:47 - 2013-12-15 22:04 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    Files to move or delete:
    ====================
    C:\ProgramData\uninstaller.exe
    C:\Users\Phantom\Photoshop_13_LS16.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-12-21 20:19
    ==================== End Of Log ============================
     
  6. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2013
    Ran by Phantom at 2013-12-23 22:48:48
    Running from C:\Users\Phantom\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    Update for Microsoft Office 2007 (KB2508958) (x32)
    64 Bit HP CIO Components Installer (Version: 7.2.8)
    6500_E709_eDocs (x32 Version: 1.00.0000)
    6500_E709_Help (x32 Version: 1.00.0000)
    6500_E709n (x32 Version: 140.0.000.000)
    Adobe AIR (x32 Version: 2.5.1.17730)
    Adobe Anchor Service CS3 (x32 Version: 1.0)
    Adobe Asset Services CS3 (x32 Version: 3)
    Adobe Bridge CS3 (x32 Version: 2)
    Adobe Bridge Start Meeting (x32 Version: 1.0)
    Adobe Camera Raw 4.0 (x32 Version: 4.0)
    Adobe CMaps (x32 Version: 1.0)
    Adobe Color - Photoshop Specific (x32 Version: 1.0)
    Adobe Color Common Settings (x32 Version: 1.0.1)
    Adobe Color EU Extra Settings (x32 Version: 1.0)
    Adobe Color JA Extra Settings (x32 Version: 1.0)
    Adobe Color NA Recommended Settings (x32 Version: 1.0)
    Adobe Default Language CS3 (x32 Version: 1.0)
    Adobe Device Central CS3 (x32 Version: 1.0)
    Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2)
    Adobe Flash Player 10 Plugin (x32 Version: 10.0.42.34)
    Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
    Adobe Fonts All (x32 Version: 1.0)
    Adobe Help Viewer CS3 (x32 Version: 1)
    Adobe Linguistics CS3 (x32 Version: 3.0.0)
    Adobe PDF Library Files (x32 Version: 8.0)
    Adobe Photoshop CS3 (x32 Version: 10)
    Adobe Photoshop CS3 (x32 Version: 10.0)
    Adobe Photoshop CS6 (x32 Version: 13.0)
    Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
    Adobe Setup (x32 Version: 1.0)
    Adobe Stock Photos CS3 (x32 Version: 1.5)
    Adobe Type Support (x32 Version: 1.0)
    Adobe Update Manager CS3 (x32 Version: 5.1.0)
    Adobe Version Cue CS3 Client (x32 Version: 3)
    Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
    Adobe XMP Panels CS3 (x32 Version: 1.0)
    AtHomeConnect version 1.0.1.0 (x32 Version: 1.0.1.0)
    AVG 2014 (Version: 14.0.3658)
    Bejeweled 3 (x32)
    Bejeweled Blitz (x32)
    Bing Bar (x32 Version: 7.1.391.0)
    bpd_scan (x32 Version: 3.00.0000)
    BPDSoftware (x32 Version: 140.0.000.000)
    BPDSoftware_Ini (x32 Version: 1.00.0000)
    BufferChm (x32 Version: 140.0.213.000)
    Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (x32)
    Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (x32)
    CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.0.1)
    CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.8.0.1)
    Canon Internet Library for ZoomBrowser EX (x32 Version: 1.7.0.1)
    Canon MOV Decoder (x32 Version: 1.7.0.6)
    Canon MOV Encoder (x32 Version: 1.5.0.3)
    Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.6.0.5)
    Canon Pro9000 II series Printer Driver
    Canon Pro9000 Mark II series User Registration (x32)
    Canon Utilities Digital Photo Professional (x32 Version: 3.13.10.0)
    Canon Utilities Easy-PhotoPrint EX (x32)
    Canon Utilities Easy-PhotoPrint Pro (x32)
    Canon Utilities EOS Utility (x32 Version: 2.13.10.0)
    Canon Utilities My Printer (x32)
    Canon Utilities Picture Style Editor (x32 Version: 1.13.10.0)
    Canon Utilities Solution Menu (x32)
    Canon Utilities ZoomBrowser EX (x32 Version: 6.6.0.23)
    Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.4.0.4)
    CCleaner (Version: 4.07)
    CorelDRAW Graphics Suite X3 (x32 Version: 13.2)
    Coupon Printer for Windows (x32 Version: 5.0.0.2)
    Curse Client (HKCU Version: 5.1.1.792)
    D3DX10 (x32 Version: 15.4.2368.0902)
    Destinations (x32 Version: 130.0.0.0)
    DeviceDiscovery (x32 Version: 140.0.213.000)
    Diablo III (x32)
    DocMgr (x32 Version: 130.0.000.000)
    DocProc (x32 Version: 140.0.100.000)
    EN (x32 Version: 13.1)
    Fax (x32 Version: 140.0.213.000)
    FHA Software for Windows (x32 Version: 10.04.30)
    FHA Software for Windows (x32 Version: 10.10.31)
    FHA Software for Windows (x32 Version: 10.11.30)
    FHA Software for Windows (x32 Version: 10.12.31)
    FHA Software for Windows (x32 Version: 11.01.31)
    FHA Software for Windows (x32 Version: 11.02.28)
    FHA Software for Windows (x32 Version: 11.03.31)
    FHA Software for Windows (x32 Version: 11.04.30)
    FHA Software for Windows (x32 Version: 11.05.31)
    FHA Software for Windows (x32 Version: 11.06.30)
    FHA Software for Windows (x32 Version: 11.07.31)
    FHA Software for Windows (x32 Version: 11.08.31)
    FHA Software for Windows (x32 Version: 11.09.30)
    FHA Software for Windows (x32 Version: 11.10.31)
    FHA Software for Windows (x32 Version: 11.11.30)
    FHA Software for Windows (x32 Version: 11.12.31)
    FHA Software for Windows (x32 Version: 12.01.31)
    FHA Software for Windows (x32 Version: 12.02.29)
    FHA Software for Windows (x32 Version: 12.03.31)
    FHA Software for Windows (x32 Version: 12.05.31)
    FHA Software for Windows (x32 Version: 12.06.30)
    FHA Software for Windows (x32 Version: 12.08.31)
    File Opener Pro (x32)
    FontNav (x32 Version: 5.0)
    GeForce Experience NvStream Client Components (Version: 1.6.28)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
    Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
    Google Update Helper (x32 Version: 1.3.22.3)
    GPBaseService2 (x32 Version: 140.0.212.000)
    Guild Wars (x32)
    Guild Wars 2 (x32)
    H&R Block Deluxe + Efile + State 2010 (x32 Version: 10.04.6402)
    H&R Block Deluxe + Efile + State 2011 (x32 Version: 11.05.7102)
    H&R Block Deluxe + Efile + State 2012 (x32 Version: 12.05.7803)
    H&R Block Minnesota 2010 (x32 Version: 1.10.3601)
    H&R Block Minnesota 2011 (x32 Version: 1.11.3901)
    H&R Block Minnesota 2012 (x32 Version: 1.12.4701)
    Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
    HP Customer Participation Program 14.0 (Version: 14.0)
    HP Document Manager 2.0 (Version: 2.0)
    HP Imaging Device Functions 14.0 (Version: 14.0)
    HP Officejet 6500 E709 Series (Version: 14.0)
    HP Product Detection (x32 Version: 11.14.0001)
    HP Smart Web Printing 4.60 (Version: 4.60)
    HP Solution Center 14.0 (Version: 14.0)
    HP Update (x32 Version: 5.005.000.002)
    HPDiagnosticAlert (x32 Version: 1.00.0000)
    HPProductAssistant (x32 Version: 140.0.213.000)
    ImageMixer 3 SE Ver.6 Transfer Utility (x32 Version: 6.00.018)
    ImageMixer 3 SE Ver.6 Video Tools (x32 Version: 6.00.019)
    Internet TV for Windows Media Center (x32 Version: 4.2.2.0)
    iTunes (Version: 10.2.1.1)
    Java 7 Update 9 (x32 Version: 7.0.90)
    Java Auto Updater (x32 Version: 2.1.9.0)
    Junk Mail filter update (x32 Version: 15.4.3502.0922)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    MarketResearch (x32 Version: 140.0.214.000)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Camera Codec Pack (Version: 16.0.0652.0621)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32)
    Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Silverlight (Version: 5.1.20913.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
    Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
    MSVCRT (x32 Version: 15.4.2862.0708)
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
    NCsoft Launcher (x32 Version: 1.5.25.1)
    Network64 (Version: 140.0.215.000)
    Network64 (Version: 140.0.221.000)
    NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
    NVIDIA 3D Vision Driver 331.82 (Version: 331.82)
    NVIDIA Control Panel 331.82 (Version: 331.82)
    NVIDIA GeForce Experience 1.8 (Version: 1.8)
    NVIDIA Graphics Driver 331.82 (Version: 331.82)
    NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
    NVIDIA Install Application (Version: 2.1002.142.992)
    NVIDIA LED Visualizer 1.0 (Version: 1.0)
    NVIDIA Network Service (Version: 1.0)
    NVIDIA PhysX (x32 Version: 9.13.0725)
    NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
    NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182)
    NVIDIA Update 10.10.5 (Version: 10.10.5)
    NVIDIA Update Core (Version: 10.10.5)
    NVIDIA Virtual Audio 1.2.12 (Version: 1.2.12)
    OCR Software by I.R.I.S. 14.0 (Version: 14.0)
    PDF Settings (x32 Version: 1.0)
    PDF Settings CS6 (x32 Version: 11.0)
    PHOTOfunSTUDIO 9.0 LE (x32 Version: 9.00.017)
    ProductContext (x32 Version: 140.0.000.000)
    QuickTime (x32 Version: 7.74.80.86)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6194)
    RIFT (HKCU)
    Scan (x32 Version: 140.0.167.000)
    Seagate Manager Installer (x32 Version: 2.01.0600)
    SHIELD Streaming (Version: 1.6.75)
    SmartWebPrinting (x32 Version: 140.0.213.000)
    SolutionCenter (x32 Version: 140.0.214.000)
    StarCraft II (x32)
    Status (x32 Version: 140.0.256.000)
    Steam (x32 Version: 1.0.0.0)
    Supreme Commander 2 (x32)
    System Requirements Lab (x32)
    Toolbox (x32 Version: 140.0.428.000)
    TrayApp (x32 Version: 140.0.213.000)
    Update for 2007 Microsoft Office System (KB967642) (x32)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
    Update for Microsoft Office Access 2007 Help (KB963663) (x32)
    Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
    Update for Microsoft Office Script Editor Help (KB963671) (x32)
    Update for Microsoft Office Word 2007 Help (KB963665) (x32)
    Update Manager (x32 Version: 4.60)
    Ventrilo Client for Windows x64 (Version: 3.0.8.0)
    Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
    Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
    WebReg (x32 Version: 140.0.213.017)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
    Windows Live Essentials (x32 Version: 15.4.3502.0922)
    Windows Live Essentials (x32 Version: 15.4.3538.0513)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (x32 Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3538.0513)
    Windows Live Mail (x32 Version: 15.4.3502.0922)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
    Windows Live Photo Common (x32 Version: 15.4.3502.0922)
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
    Windows Live SOXE (x32 Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
    Windows Live Sync (x32 Version: 14.0.8089.726)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
    Windows Live Writer (x32 Version: 15.4.3502.0922)
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
    Windows Media Center Add-in for Flash (x32 Version: 4.1.2.0)
    World of Warcraft (x32)
    World of Warcraft Beta (x32 Version: 5.0.5.16048)
    ==================== Restore Points =========================
    20-12-2013 04:15:11 avast! antivirus system restore point
    20-12-2013 04:26:05 avast! antivirus system restore point
    20-12-2013 05:32:48 avast! antivirus system restore point
    20-12-2013 21:20:31 AA11
    20-12-2013 21:35:56 Installed AVG 2014
    20-12-2013 21:36:25 Installed AVG 2014
    21-12-2013 02:45:20 Removed 7-Zip 9.21
    21-12-2013 02:52:02 Removed AVG 2014
    21-12-2013 03:02:25 Removed AVG 2014
    ==================== Hosts content: ==========================
    2009-07-13 20:34 - 2013-05-01 20:01 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {5DDEF55E-5C4D-4F9C-A8D3-D1E04637CFF8} - System32\Tasks\AdobeAAMUpdater-1.0-Phantom-PC-Phantom => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {68A2D8AC-14F5-4DBB-A45C-C4494AAE36AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16] (Adobe Systems Incorporated)
    Task: {7BBB07CE-9EBA-41C1-B849-FBEA76D59FFE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {A01D168B-DF0B-4AFC-8986-CA9D54F6E694} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
    Task: {A2D31C8F-2375-46D9-892D-146632D2BF53} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
    Task: {AF2D058D-AF3C-4FF8-916B-775127A2864C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4115959996-671547687-3831804364-1000
    Task: {B251AEB9-C56C-4328-98B3-786B57310F4A} - System32\Tasks\DigitalSite => C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {D2168AA3-F746-452B-BE01-FC3CF46F7CEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    ==================== Alternate Data Streams (whitelisted) =========

    ==================== Safe Mode (whitelisted) ===================
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
    ==================== Faulty Device Manager Devices =============
    Name: Officejet 6500 E709n
    Description: Officejet 6500 E709n
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    Name: Officejet 6500 E709n
    Description: Officejet 6500 E709n
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (12/23/2013 10:12:35 PM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 31b0
    Start Time: 01cf005bafa669f2
    Termination Time: 32
    Application Path: C:\Program Files\Internet Explorer\iexplore.exe
    Report Id: 995ab374-6c51-11e3-b13c-406186cbf8a7
    Error: (12/22/2013 10:53:53 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc000070a
    Fault offset: 0x000000000005cf99
    Faulting process id: 0x950
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Error: (12/22/2013 10:42:24 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: mshtml.dll, version: 11.0.9600.16476, time stamp: 0x52948abb
    Exception code: 0xc00000fd
    Fault offset: 0x00000000000828d9
    Faulting process id: 0x1954
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Error: (12/22/2013 09:37:11 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
    Error: (12/22/2013 06:47:37 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000008
    Fault offset: 0x00000000000cd7e8
    Faulting process id: 0x71c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Error: (12/21/2013 00:02:51 AM) (Source: Application Hang) (User: )
    Description: The program iSafe.exe version 3.6.24.5531 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 1138
    Start Time: 01cefe11c374c3d8
    Termination Time: 23
    Application Path: C:\Program Files (x86)\iSafe\iSafe.exe
    Report Id: 6f8536eb-6a05-11e3-aeb8-406186cbf8a7
    Error: (12/20/2013 11:43:23 PM) (Source: NvStreamSvc) (User: )
    Description: NvStreamSvcNvVAD initialization failed [6]
    Error: (12/20/2013 11:43:23 PM) (Source: NvStreamSvc) (User: )
    Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
    Error: (12/20/2013 11:43:23 PM) (Source: NvStreamSvc) (User: )
    Description: NvStreamSvcNvVAD endpoint registration failed [0]
    Error: (12/20/2013 11:39:46 PM) (Source: NvStreamSvc) (User: )
    Description: NvStreamSvcNvVAD initialization failed [6]

    System errors:
    =============
    Error: (12/23/2013 10:47:28 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (12/23/2013 10:47:27 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:46:53 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:46:53 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:46:16 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:45:51 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:45:50 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:44:06 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:44:06 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
    Error: (12/23/2013 10:43:09 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Microsoft Office Sessions:
    =========================
    Error: (01/16/2012 07:21:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 188 seconds with 0 seconds of active time. This session ended with a crash.

    ==================== Memory info ===========================
    Percentage of memory in use: 17%
    Total physical RAM: 12279.12 MB
    Available physical RAM: 10163.59 MB
    Total Pagefile: 24558.23 MB
    Available Pagefile: 22194.44 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:1397.16 GB) (Free:763.48 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: ACC8B171)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
     
  7. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    IMPORTANT! Restart computer.

    Re-run FRST "Scan" one more time and post fresh log.
     

    Attached Files:

  8. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2013
    Ran by Phantom at 2013-12-23 23:40:58 Run:1
    Running from C:\Users\Phantom\Desktop
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll ATTENTION! ====> ZeroAccess?
    MountPoints2: F - F:\LaunchU3.exe -a
    MountPoints2: {2ed51819-0496-11e0-acec-406186cbf8a7} - E:\LaunchU3.exe -a
    MountPoints2: {b93aba28-3b24-11e2-90c3-406186cbf8a7} - E:\autorunner.exe "John Deere New Products 2012.exe"
    MountPoints2: {e4f56448-7f53-11e1-84ab-406186cbf8a7} - E:\MotoCastSetup.exe -a
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={6CAF0C1E-DE19-11E2-9493-406186CBF8A7}
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
    SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/...1-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q...-9493-406186CBF8A7}&crg=3.5000006.10042&st=23
    Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    Toolbar: HKLM-x32 - No Name - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    S4 Ntfddmkm; No ImagePath
    C:\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll
    C:\Users\Phantom\AppData\Local\Temp\skikyej
    C:\ProgramData\uninstaller.exe
    Task: {B251AEB9-C56C-4328-98B3-786B57310F4A} - System32\Tasks\DigitalSite => C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    *****************
    HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ed51819-0496-11e0-acec-406186cbf8a7} => Key deleted successfully.
    HKCR\CLSID\{2ed51819-0496-11e0-acec-406186cbf8a7} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b93aba28-3b24-11e2-90c3-406186cbf8a7} => Key deleted successfully.
    HKCR\CLSID\{b93aba28-3b24-11e2-90c3-406186cbf8a7} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f56448-7f53-11e1-84ab-406186cbf8a7} => Key deleted successfully.
    HKCR\CLSID\{e4f56448-7f53-11e1-84ab-406186cbf8a7} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
    HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
    HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
    HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} => Value deleted successfully.
    HKCR\Wow6432Node\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    Winsock: Catalog entry 000000000009 => Deleted successfully.
    HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
    "FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
    C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0 => Key deleted successfully.
    C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
    Ntfddmkm => Service deleted successfully.
    "C:\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll" => File/Directory not found.
    C:\Users\Phantom\AppData\Local\Temp\skikyej => Moved successfully.
    C:\ProgramData\uninstaller.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B251AEB9-C56C-4328-98B3-786B57310F4A} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B251AEB9-C56C-4328-98B3-786B57310F4A} => Key deleted successfully.
    C:\Windows\System32\Tasks\DigitalSite => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully.
    ==== End of Fixlog ====
     
  9. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    First scan after restart froze so I scanned again.


    can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
    Ran by Phantom (administrator) on PHANTOM-PC on 23-12-2013 23:51:39
    Running from C:\Users\Phantom\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
    HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
    HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-24] (Google Inc.)
    HKCU\...\Policies\system: [NoSecCPL] 0
    HKCU\...\Policies\system: [NoDispCPL] 0
    HKCU\...\Policies\system: [NoDispBackgroundPage] 0
    HKCU\...\Policies\system: [NoDispScrSavPage] 0
    HKCU\...\Policies\system: [NoDispAppearancePage] 0
    HKCU\...\Policies\system: [NoDispSettingsPage] 0
    HKCU\...\Policies\system: [NoDevMgrPage] 0
    HKCU\...\Policies\system: [NoConfigPage] 0
    HKCU\...\Policies\system: [NoVirtMemPage] 0
    HKCU\...\Policies\system: [NoFileSysPage] 0
    HKCU\...\Policies\system: [NoNetSetup] 0
    HKCU\...\Policies\system: [NoNetSetupIDPage] 0
    HKCU\...\Policies\system: [NoNetSetupSecurityPage] 0
    HKCU\...\Policies\system: [NoWorkgroupContents] 0
    HKCU\...\Policies\system: [NoEntireNetwork] 0
    HKCU\...\Policies\system: [NoFileSharingControl] 0
    HKCU\...\Policies\Explorer: [NoThumbnailCache] 0
    HKCU\...\Policies\Explorer: [NoSaveSettings] 0
    HKCU\...\Policies\Explorer: [NoFolderOptions] 0x00000000
    HKCU\...\Policies\Explorer: [RestrictRun] 0
    HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12D03BCF7226CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {01025D1C-BB03-4369-8344-732CD0DCCCF0} http://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
    DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.159.193.40 24.205.224.36
    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
    FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    ==================== Services (Whitelisted) =================
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-11-21] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
    ==================== Drivers (Whitelisted) ====================
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-05-01] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-14] ()
    S3 cpuz134; \??\C:\Users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    U0 helpsvc;
    U0 ImapiService;
    U0 Irmon;
    U0 Messenger;
    U0 srservice;
    U0 UPS;
    U0 WinDHCPsvc;
    U0 WZCSVC;
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-12-23 23:45 - 2013-12-23 23:51 - 00011874 _____ C:\Users\Phantom\Desktop\FRST.txt
    2013-12-23 23:38 - 2013-12-23 23:38 - 00000355 _____ C:\Users\Phantom\Desktop\Computer - Shortcut.lnk
    2013-12-23 22:48 - 2013-12-23 22:49 - 00025852 _____ C:\Users\Phantom\Downloads\Addition.txt
    2013-12-23 22:47 - 2013-12-23 22:49 - 00041988 _____ C:\Users\Phantom\Downloads\FRST.txt
    2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Desktop\FRST64.exe
    2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
    2013-12-23 22:02 - 2013-12-23 22:03 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
    2013-12-22 13:23 - 2013-12-22 18:34 - 00004840 _____ C:\Windows\PFRO.log
    2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-12-21 16:46 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
    2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
    2013-12-21 14:25 - 2013-12-23 23:43 - 00001344 _____ C:\Windows\setupact.log
    2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
    2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
    2013-12-20 22:40 - 2013-12-23 22:43 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
    2013-12-20 22:40 - 2013-12-22 21:37 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
    2013-12-20 22:40 - 2013-12-20 22:45 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
    2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
    2013-12-20 22:38 - 2013-12-23 22:43 - 00000000 ____D C:\Program Files (x86)\Mobogenie
    2013-12-20 22:38 - 2013-12-21 16:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
    2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
    2013-12-20 15:41 - 2013-12-21 00:18 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
    2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
    2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
    2013-12-20 15:37 - 2013-12-20 21:05 - 00000000 ____D C:\ProgramData\AVG2014
    2013-12-20 15:36 - 2013-12-21 00:17 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-12-20 15:34 - 2013-12-21 00:17 - 00000000 ____D C:\ProgramData\MFAData
    2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
    2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
    2013-12-20 14:35 - 2013-12-20 14:39 - 00000162 _____ C:\Windows\Reimage.ini
    2013-12-20 14:11 - 2013-12-20 14:12 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
    2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-12-19 22:14 - 2013-12-19 23:36 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
    2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
    2013-12-19 15:46 - 2013-12-22 17:58 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
    2013-12-16 03:04 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2013-12-16 03:04 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2013-12-16 03:04 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2013-12-16 03:04 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-12-16 03:03 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-12-16 03:03 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-12-16 03:03 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-12-16 03:03 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-12-16 03:03 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-12-16 03:03 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-12-16 03:03 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-12-16 03:03 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-12-16 03:03 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-12-16 03:03 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-12-16 03:03 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-12-16 03:03 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-12-16 03:03 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-12-16 03:03 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-12-16 03:03 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-12-16 03:03 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-12-16 03:03 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-12-16 03:03 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-12-16 03:03 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-12-16 03:03 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2013-12-16 03:03 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-12-16 03:03 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-12-16 03:03 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-12-16 03:03 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-12-16 03:03 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-12-16 03:03 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-12-16 03:03 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-12-16 03:03 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-12-16 03:03 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-12-16 03:03 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-12-16 03:03 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
    2013-12-15 23:17 - 2013-11-29 10:58 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2013-12-15 23:17 - 2013-11-29 10:58 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2013-12-15 23:16 - 2013-10-30 11:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2013-12-15 23:16 - 2013-10-30 11:02 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2013-12-15 23:16 - 2013-10-30 11:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2013-12-15 23:04 - 2013-11-14 05:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2013-12-15 23:04 - 2013-11-14 05:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2013-12-15 22:05 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2013-12-15 22:05 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-12-15 22:04 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-12-15 22:04 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2013-12-15 22:04 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2013-12-15 22:04 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
    2013-12-15 22:04 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-12-15 22:04 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2013-12-15 22:04 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2013-12-15 22:04 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2013-12-15 22:04 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2013-12-15 22:03 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2013-12-15 22:03 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2013-12-15 22:03 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
    2013-12-15 22:03 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
    2013-12-15 22:03 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2013-12-15 22:03 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2013-12-15 22:03 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
    2013-12-15 22:03 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
    2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
    ==================== One Month Modified Files and Folders =======
    2013-12-23 23:52 - 2013-12-23 23:45 - 00011874 _____ C:\Users\Phantom\Desktop\FRST.txt
    2013-12-23 23:52 - 2012-04-01 19:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-23 23:49 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-23 23:49 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-23 23:48 - 2010-11-24 17:59 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-23 23:43 - 2013-12-21 14:25 - 00001344 _____ C:\Windows\setupact.log
    2013-12-23 23:43 - 2010-11-24 17:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-23 23:43 - 2010-10-29 11:08 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-12-23 23:43 - 2010-10-29 11:04 - 01138751 _____ C:\Windows\WindowsUpdate.log
    2013-12-23 23:43 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-23 23:40 - 2013-11-14 18:40 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
    2013-12-23 23:38 - 2013-12-23 23:38 - 00000355 _____ C:\Users\Phantom\Desktop\Computer - Shortcut.lnk
    2013-12-23 23:05 - 2010-11-22 17:05 - 00000000 ____D C:\Users\Phantom\Documents\Roger
    2013-12-23 22:49 - 2013-12-23 22:48 - 00025852 _____ C:\Users\Phantom\Downloads\Addition.txt
    2013-12-23 22:49 - 2013-12-23 22:47 - 00041988 _____ C:\Users\Phantom\Downloads\FRST.txt
    2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Desktop\FRST64.exe
    2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
    2013-12-23 22:43 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
    2013-12-23 22:43 - 2013-12-20 22:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie
    2013-12-23 22:41 - 2011-01-25 14:05 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-12-23 22:03 - 2013-12-23 22:02 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
    2013-12-23 13:06 - 2010-11-23 02:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Adobe
    2013-12-22 22:52 - 2010-12-03 21:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\Deployment
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
    2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
    2013-12-22 21:37 - 2013-12-20 22:40 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
    2013-12-22 18:35 - 2009-07-13 23:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-22 18:34 - 2013-12-22 13:23 - 00004840 _____ C:\Windows\PFRO.log
    2013-12-22 18:28 - 2013-11-14 18:40 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\DigitalSite
    2013-12-22 17:58 - 2013-12-19 15:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
    2013-12-22 13:40 - 2013-11-14 19:40 - 00000101 _____ C:\Users\Phantom\AppData\Roaming\WB.CFG
    2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-12-21 16:39 - 2013-12-20 22:38 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
    2013-12-21 16:34 - 2013-10-29 00:03 - 00000000 ____D C:\Windows\Minidump
    2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
    2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
    2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
    2013-12-21 00:18 - 2013-12-20 15:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
    2013-12-21 00:18 - 2012-02-21 18:37 - 00000000 ____D C:\Users\UpdatusUser.Phantom-PC
    2013-12-21 00:17 - 2013-12-20 15:36 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-12-21 00:17 - 2013-12-20 15:34 - 00000000 ____D C:\ProgramData\MFAData
    2013-12-21 00:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2013-12-20 23:47 - 2009-07-13 22:45 - 00015360 _____ C:\Windows\system32\umstartup.etl
    2013-12-20 22:45 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
    2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
    2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
    2013-12-20 22:40 - 2010-11-20 21:52 - 00000000 ____D C:\Users\Phantom
    2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
    2013-12-20 21:54 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
    2013-12-20 21:05 - 2013-12-20 15:37 - 00000000 ____D C:\ProgramData\AVG2014
    2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
    2013-12-20 20:26 - 2010-11-21 01:55 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-12-20 15:45 - 2013-11-01 12:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\FzgyPack
    2013-12-20 15:43 - 2013-03-25 11:36 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Bitcoin
    2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
    2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
    2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
    2013-12-20 14:39 - 2013-12-20 14:35 - 00000162 _____ C:\Windows\Reimage.ini
    2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
    2013-12-20 14:12 - 2013-12-20 14:11 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
    2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-12-19 23:36 - 2013-12-19 22:14 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-12-19 22:21 - 2010-11-24 17:59 - 00000000 ____D C:\Users\Phantom\AppData\Local\Google
    2013-12-19 22:21 - 2010-11-24 17:58 - 00000000 ____D C:\Program Files (x86)\Google
    2013-12-19 22:08 - 2009-07-13 23:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
    2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
    2013-12-19 00:55 - 2010-11-25 21:06 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2013-12-16 13:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2013-12-16 03:24 - 2012-04-01 19:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-12-16 03:24 - 2012-04-01 19:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-12-16 03:24 - 2011-05-17 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-12-16 03:23 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2013-12-16 03:23 - 2009-07-13 22:45 - 05295112 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-12-16 03:04 - 2010-11-21 01:13 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-12-16 03:02 - 2013-08-15 01:29 - 00000000 ____D C:\Windows\system32\MRT
    2013-12-16 03:01 - 2010-11-21 16:51 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
    2013-12-15 23:17 - 2013-11-14 19:22 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA
    2013-12-15 23:17 - 2010-10-29 11:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-12-05 01:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-11-29 19:43 - 2010-11-24 17:59 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-11-29 19:43 - 2010-11-24 17:59 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-11-29 10:58 - 2013-12-15 23:17 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2013-11-29 10:58 - 2013-12-15 23:17 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
    2013-11-26 05:54 - 2013-12-16 03:03 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-26 04:19 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-26 04:18 - 2013-12-16 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-11-26 04:11 - 2013-12-16 03:03 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-11-26 03:48 - 2013-12-16 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-26 03:46 - 2013-12-16 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-11-26 03:41 - 2013-12-16 03:03 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-26 03:29 - 2013-12-16 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-26 03:27 - 2013-12-16 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-26 03:23 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-11-26 03:21 - 2013-12-16 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-26 03:18 - 2013-12-16 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-11-26 03:18 - 2013-12-16 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-11-26 03:16 - 2013-12-16 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-11-26 02:57 - 2013-12-16 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-26 02:38 - 2013-12-16 03:03 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-11-26 02:38 - 2013-12-16 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-11-26 02:35 - 2013-12-16 03:03 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-26 02:32 - 2013-12-16 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-11-26 02:28 - 2013-12-16 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2013-11-26 02:16 - 2013-12-16 03:03 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-11-26 02:02 - 2013-12-16 03:03 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-11-26 01:48 - 2013-12-16 03:03 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-26 01:32 - 2013-12-16 03:03 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-11-26 01:26 - 2013-12-16 03:03 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-11-26 01:07 - 2013-12-16 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-26 00:40 - 2013-12-16 03:03 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-26 00:34 - 2013-12-16 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-11-26 00:34 - 2013-12-16 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-11-26 00:33 - 2013-12-16 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-11-26 00:27 - 2013-12-16 03:03 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-11-23 12:26 - 2013-12-15 22:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-11-23 11:47 - 2013-12-15 22:04 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    Files to move or delete:
    ====================
    C:\Users\Phantom\Photoshop_13_LS16.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-12-21 20:19
    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Very good.

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  11. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Phantom [Admin rights]
    Mode : Remove -- Date : 12/24/2013 15:57:47
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V1][SUSP PATH] DigitalSite.job : C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31500341AS ATA Device +++++
    --- User ---
    [MBR] dc909e69c21fd7e3c315285a0539872f
    [BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_D_12242013_155747.txt >>
    RKreport[0]_S_12242013_155356.txt

    RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Phantom [Admin rights]
    Mode : Scan -- Date : 12/24/2013 15:53:56
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V1][SUSP PATH] DigitalSite.job : C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31500341AS ATA Device +++++
    --- User ---
    [MBR] dc909e69c21fd7e3c315285a0539872f
    [BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_S_12242013_155356.txt >>

    RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Phantom [Admin rights]
    Mode : Remove -- Date : 12/24/2013 15:57:47
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V1][SUSP PATH] DigitalSite.job : C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31500341AS ATA Device +++++
    --- User ---
    [MBR] dc909e69c21fd7e3c315285a0539872f
    [BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_D_12242013_155747.txt >>
    RKreport[0]_S_12242013_155356.txt

    There is also a RK_Quarantine file.
    I will now do restore point and MalwareBytes AntiRootKit and post that.
     
     
  12. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    File exceeds 50,000 chr broken apart part 1

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.16476
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.074000 GHz
    Memory total: 12875587584, free: 5441961984
    Downloaded database version: v2013.12.25.02
    Downloaded database version: v2013.12.18.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    12/25/2013 00:37:19
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\serscan.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msctf.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\ole32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\nsi.dll
    \Windows\System32\user32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\shell32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\usp10.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800ad91790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-5\
    Lower Device Object: 0xfffffa800ab6b060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800ad91790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800ad912c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800ad91790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ab5e580, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800ab6b060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    File C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [Forged file]
    Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak
    Infected: C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [Unknown.Rootkit.Driver]
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: ACC8B171
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 2930065408
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 1500301910016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-2930257168-2930277168)...
    Done!
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F8F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz13D5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz142D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz14E8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz150C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC82.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACC3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACED.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD31.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD71.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADC4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADEF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE88.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE8D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAEA5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF0E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF11.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF2C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF52.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB001.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB033.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB0C8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB119.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB176.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6608.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6635.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6671.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz66B4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6738.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz677D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz67AF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6837.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6843.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6848.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6852.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz685E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6864.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6892.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz68CD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6945.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6961.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A22.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A44.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A52.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A5A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A6E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A9B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6AD7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B0A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B75.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B76.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BA6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BAE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BC4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C06.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C8E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CA9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7C6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD802.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD81.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD818.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD831.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD832.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD84F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD860.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8B9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD907.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD98D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9C6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9E4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA09.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA1B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA91.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB0A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB2D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB69.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB76.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A13.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A46.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A64.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A68.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AB8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AD8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B80.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B94.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C16.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C8E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3CC9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D1A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D61.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DA9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DDB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E29.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E3D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E5E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E6D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E88.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3EBC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3ECA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F5E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8472.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz84A6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8508.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8513.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8526.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8528.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz853C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz854F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8570.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz858C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85B9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85E9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz861.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8649.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz866.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8669.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8670.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz86D3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz875C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87C9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87CD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8840.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88B9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88D6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8906.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz890C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz896E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8979.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz897F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz899C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89A2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89D4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A05.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1574.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A68.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F24.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz240E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A0C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F6B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3486.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FE6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46FF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C0C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B05.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61C1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65F4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7412.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz77C3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8470.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A1F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC211.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC271.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC272.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2AE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC300.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC351.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3CD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3E2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3EE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC40E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC435.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC436.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC458.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC4CA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC51B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC52C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC53D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC559.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC55A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC60F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC651.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC658.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC65A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6C8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6D8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB16.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB73.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB81.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBBC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBCD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBD0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEC1A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECA7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECBA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECC1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED01.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED4D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED87.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED8C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE07.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE0E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE10.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE54.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE9A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEEC0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEED7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF14.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF37.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF64.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF83.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF8C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEFD7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF008.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF013.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz51F6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5253.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5268.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz528C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz532.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5338.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5376.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53B7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53D3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53F2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5418.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5499.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz549A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54A9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54AA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz550B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz551.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55B5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2439.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2457.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24D8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2518.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz257A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz258C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25A6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25AB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz262E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2680.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz26BF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2715.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27F0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27FD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz280C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2863.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2864.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz289F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28BD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28FF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz293E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2950.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz296E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2971.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29E0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29F2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz97F1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9801.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz984B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9870.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98D7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98E4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98F0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9907.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9917.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9934.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9980.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99F4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9AF0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B1A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B25.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B2B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B36.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B3F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B6A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BA8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BC8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BCA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BEB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C57.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C58.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CA2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CD6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7441.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7490.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74D1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7501.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7524.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz754A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz759F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75B3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75F8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7657.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7674.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7694.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz775D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7771.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz777F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7797.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2FF7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3020.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30CC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30D9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3111.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz311B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3137.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz317A.tmp --> [Trojan.Agent.EDZR]
     
  13. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    System part 2

    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB80.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB809.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB817.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB87B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8CD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8FF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB957.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB97A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9A6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9C4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA02.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA03.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA44.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA58.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA66.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAB3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBACB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAFB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB06.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB31.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB42.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBBDE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC18.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCC3C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCB8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCBA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCDC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCE9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD5F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD60.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD7E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDB5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDE7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE08.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE31.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE35.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE55.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF04.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF17.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF19.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF3C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF76.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF84.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFA2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFD3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFFD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD023.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD03D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD0B2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD119.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD12E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD140.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD152.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD1C5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD203.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD21B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5BC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5DC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF628.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF658.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF673.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6F2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF73F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF764.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF768.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7A3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7AB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7C5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7E0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7F6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF810.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF84F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF887.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8B0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8C2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF903.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF92D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF949.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF9C9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFA52.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFACE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4719.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4724.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4749.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4754.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4758.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4774.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4788.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47A6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47CB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz491.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz492A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4977.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49AC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49D0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A5B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A6C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A7A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4AB3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4ADB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B3C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B55.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B99.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BE9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C22.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C33.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CA2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CF3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D1C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D57.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D7B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D94.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D96.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D98.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E5D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E62.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E81.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5EE3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F57.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F6B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F74.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F82.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F87.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F98.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5FE5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6088.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz60B9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6118.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6169.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61AE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA28.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA280.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2B0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2E2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3FA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA402.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA41B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA45F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA485.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA496.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA4B3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA505.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA523.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA524.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA58D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5B2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5E9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5FB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA61A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA622.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA626.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA631.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6B4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6F7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA758.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA81C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA870.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE17E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE185.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE197.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1E2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE22B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE254.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE260.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE267.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE279.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE2E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE304.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE35D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3D6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE444.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE452.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE492.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4AC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4D9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE501.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE52B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE544.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE561.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE573.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE578.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5E4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5EB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5FD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A94.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B0E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B11.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B1A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B51.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B53.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B6D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C08.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C2B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C3D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C7F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CB1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CCF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CF9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CFF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1D72.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DA5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E07.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E30.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E32.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F0A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F22.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9018.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz904A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz905B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9068.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz907A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90A5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz910C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9157.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9193.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz91B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9204.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9240.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9249.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9254.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92DE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92EB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92FC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9300.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz939B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93A2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BC6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C0D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C66.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C8E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CCE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CFD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D3D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D52.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D7D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D94.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D9D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E16.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E90.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7EAF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7F21.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FDD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FFF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80A2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80EB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80F4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8125.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8153.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81A3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81E3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81FA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8203.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz827C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8291.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz82F6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz83.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8334.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8377.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8463.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D08.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D1C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D52.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D9B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6DC7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EAA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EB8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EF2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6F3D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FCB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FDB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7024.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz702C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz703A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz707B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz70F4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz712A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7139.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz713D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz715E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71EF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71F1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz721D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7317.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz731B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7338.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz734D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz73A3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC34.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC4F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBCE1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD53.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD75.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD9E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE0C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE1B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE58.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE69.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEAA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBECD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEDB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF41.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF48.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF7C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF88.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF90.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF91.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBFA8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC064.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC08D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC09A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0A7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0B5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0E3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0F4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC12.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC138.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC19.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1A9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1DB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C21.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4CF9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D38.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D49.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D90.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4DDD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E12.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E36.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4EE2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F19.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F2F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F31.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F9C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FA2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5014.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5034.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5043.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz504F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5054.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5062.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5064.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5077.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz508.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz513.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz514F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5173.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FEB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4036.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz408C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz40E5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz412F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4170.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4191.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41D7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41FF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz421F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4251.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz429F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42A3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42B8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42DE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42FE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4322.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4330.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4365.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz443C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4451.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448B.tmp --> [Trojan.Agent.EDZR]
     
  14. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    System part 4

    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz450.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4502.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz453.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4556.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz455A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz45E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4605.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz463D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4675.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46A4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46C6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D56.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E39.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E90.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9F75.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FA0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FAB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FB5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA00E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA01D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA02E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA030.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA080.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0BD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0CD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA108.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA14C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1C0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1CB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD27D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2AA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2B6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2CB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD35B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD370.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD39C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3B2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3CC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3DA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3E9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD419.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD453.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD479.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD494.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4A1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD527.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD54F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD570.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5A3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5B5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD62B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD65.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD691.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD698.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6B3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6F3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD710.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD72C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD731.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD779.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE659.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6AA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6B0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6C6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6EC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6FE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE765.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE776.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE77A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE85B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE89B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8C7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8F8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE912.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE996.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9A1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9C9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9DE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA4A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA53.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA61.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAAE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAEE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAF1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A30.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A94.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2AF6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B06.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B82.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2BAA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C66.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C72.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C73.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CA5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CBA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CC1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D14.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D23.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D65.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DA6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DB5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DD7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E36.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E4E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E56.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E68.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E81.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EA6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EFA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F5C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz354F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3551.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz355D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3566.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3571.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3577.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3591.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35AD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35E0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35FE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3611.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3662.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3672.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz36D2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz370A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3721.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz373E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz37A1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3809.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3828.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3863.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38D3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38FB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3975.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39CC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39D7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A40.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AAF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ACF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AD6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ADD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8B39.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BB2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BE4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BF2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C33.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C3F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8CA6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D10.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D2D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D7F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DAB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DE3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DEE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DF4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E02.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E08.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E59.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E85.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E8A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E96.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F25.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F35.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F3C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F43.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF046.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF080.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF09.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF0FD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF146.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF176.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1FD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF202.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF265.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF276.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF27C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2B4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2CF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2D9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF336.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF33D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF36B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF37E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3BA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3F9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF401.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF44D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF46A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF478.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF47E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4BC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4D6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB23.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB56.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB58.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBA5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBF9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBFA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC0C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC21.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC2C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC46.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC5C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC67.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCB5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCED.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD57.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD79.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDEA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFE4E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFEC8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF44.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF56.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF58.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF6B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC716.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC776.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC7C6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC843.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC854.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC857.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC874.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8CA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8DA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC93F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC981.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9A2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9B3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9BB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9CF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9DF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCABE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB1F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB2E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB5B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB87.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBCC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBB1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC2C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC40.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC78.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC87.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC98.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC9D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCC4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCD6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD1F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD41.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD6D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE03.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE0D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE9E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDF70.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFCF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFEC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE01C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE026.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE083.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0C5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0DE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE103.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93E5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz979.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D4D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA24E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA877.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB197.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5EE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC31.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1F4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC705.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBF7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD24D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7B1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBA6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE648.tmp --> [Trojan.Agent.EDZR]
     
  15. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    System Part 5

    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB0D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF022.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF573.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB11.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55F4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz565C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56A8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56BF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56E8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56F2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz571.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57AE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57CC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz582C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5839.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5878.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz587E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz58F1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5924.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5930.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5951.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A06.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A0C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A3B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A4C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A6E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5AE2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61EF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61F5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz625D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62B8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62C8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62D2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6336.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6349.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63D1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63DC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63E8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63ED.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63FE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6467.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64EE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz651A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz654.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz659D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65CF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F74.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F77.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F80.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FA8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FD3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2072.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2094.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2095.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2104.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2117.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2145.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz214F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz220B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz226D.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2279.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2370.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2388.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz238A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23DA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23E6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23ED.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93FA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz947E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9491.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94B1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94BE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94D0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz950B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9581.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz95AD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz963.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz966.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz967A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96BF.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96CA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9742.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9744.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9766.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9772.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA87C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA881.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA887.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8C5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8DB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8FC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA957.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA95E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA97B.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA989.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA999.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA9F3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA27.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA42.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA4F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA71.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA9C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAA8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAB6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAFB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB3A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB8C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzABBE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz15B7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1622.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1637.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1639.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz163E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1698.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16B4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16BB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16E9.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1792.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17C5.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17D7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1819.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz184A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1883.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1899.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz191C.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz194E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1979.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1992.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19DA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19EB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1C1.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1E7.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB22A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB265.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB266.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2DE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2F3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2FB.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB365.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB374.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB377.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A8.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB458.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB474.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB499.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB501.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB504.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB52E.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB53F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB560.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5BD.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E2.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7819.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7868.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7897.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz78E6.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7907.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz791F.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7937.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7957.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7999.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz79B0.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A25.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A29.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A2A.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A3.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A49.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AAE.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AC.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7ACA.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7B29.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB4.tmp --> [Trojan.Agent.EDZR]
    Infected: C:\$Recycle.Bin\S-1-5-18\$400216564d6d26e9ca6e3085e6c4f832 --> [Trojan.Siredef.C]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.16476
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.074000 GHz
    Memory total: 12875587584, free: 11218141184
    =======================================
     
  16. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Mbar log Part 1 exceeds 50,000 chr also.

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org
    Database version: v2013.12.25.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Phantom :: PHANTOM-PC [administrator]
    12/25/2013 12:37:27 AM
    mbar-log-2013-12-25 (00-37-27).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 311563
    Time elapsed: 1 hour(s), 22 minute(s), 56 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 1
    C:\$Recycle.Bin\S-1-5-18\$400216564d6d26e9ca6e3085e6c4f832 (Trojan.Siredef.C) -> Delete on reboot.
    Files Detected: 1333
    C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F8F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz13D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz142D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz14E8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz150C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC82.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACC3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD71.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADEF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE88.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE8D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAEA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF11.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB001.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB033.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB0C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB119.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB176.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6608.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6635.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6671.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz66B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6738.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz677D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz67AF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6837.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6843.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6848.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6852.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz685E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6864.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6892.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz68CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6945.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6961.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A22.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A44.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A5A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A6E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A9B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6AD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B0A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B75.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B76.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BAE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C8E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CA9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD802.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD818.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD831.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD832.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD84F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD860.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD907.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD98D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9E4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA09.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA91.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB0A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB2D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB69.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB76.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A13.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A46.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A64.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A68.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AD8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B80.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C16.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C8E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3CC9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D61.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DA9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E29.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E6D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E88.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3EBC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3ECA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8472.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz84A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8508.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8513.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8526.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8528.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz853C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz854F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8570.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz858C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz861.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8649.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz866.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8669.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8670.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz86D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz875C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8840.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8906.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz890C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz896E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8979.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz897F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz899C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89D4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A05.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1574.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A68.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F24.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz240E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F6B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3486.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FE6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B05.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61C1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7412.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz77C3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8470.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A1F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC211.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC271.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC272.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2AE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC300.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC351.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3EE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC40E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC435.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC436.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC458.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC4CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC51B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC52C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC53D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC559.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC55A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC60F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC651.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC658.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC65A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB16.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB73.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBBC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBCD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBD0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEC1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECA7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECBA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECC1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED01.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED4D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED8C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE07.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE10.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE54.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEEC0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEED7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF14.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF37.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF64.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF83.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF8C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEFD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF008.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF013.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz51F6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5253.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5268.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz528C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz532.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5338.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5376.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53B7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5418.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5499.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz549A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54A9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54AA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz550B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz551.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2439.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2457.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2518.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz257A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz258C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25AB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz262E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2680.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz26BF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2715.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27F0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz280C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2863.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2864.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz289F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz293E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2950.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz296E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2971.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz97F1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9801.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz984B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9870.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98E4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98F0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9907.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9917.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9934.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9980.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9AF0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B25.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B2B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B36.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B3F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B6A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BCA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BEB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CD6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7441.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7490.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74D1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7501.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7524.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz754A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz759F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75F8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7657.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7674.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7694.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz775D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7771.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz777F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7797.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2FF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3020.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3111.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz311B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3137.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz317A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3198.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz31BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz320C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz321B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz324D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz332B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
     
  17. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Mbar log Part 2 exceeds 50,000 chr also.

    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3351.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz33B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz33C2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz340D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz346D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB64D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB665.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB667.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB6A0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB6BC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB6CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB752.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB754.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB769.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB7CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB7CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB7DD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB80.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB809.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB817.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB87B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB957.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB97A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9C4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA02.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA03.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA44.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA66.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAB3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBACB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAFB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB42.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBBDE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC18.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCC3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCBA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCDC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCE9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD5F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD60.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD7E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDE7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE35.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE55.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF04.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF17.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF19.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF76.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF84.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFD3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFFD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD023.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD03D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD0B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD119.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD12E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD140.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD152.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD1C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD203.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD21B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5BC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5DC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF628.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF658.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF673.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF73F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF764.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF768.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7AB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7F6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF810.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF84F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF887.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8C2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF903.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF92D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF949.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF9C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFA52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFACE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4719.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4724.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4749.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4754.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4758.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4774.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4788.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz491.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz492A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4977.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49D0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A5B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A6C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A7A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4AB3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4ADB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B55.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B99.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BE9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C22.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C33.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CF3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D1C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D7B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D96.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D98.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E5D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E62.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5EE3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F6B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F74.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F82.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F98.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5FE5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6088.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz60B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6118.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6169.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61AE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA28.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA280.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA402.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA41B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA45F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA485.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA496.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA4B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA505.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA523.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA524.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA58D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA61A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA622.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA626.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA631.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6F7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA758.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA81C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA870.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE17E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE185.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE197.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE22B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE254.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE260.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE267.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE279.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE2E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE304.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE35D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE444.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE452.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE492.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE501.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE52B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE544.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE561.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE573.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE578.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5E4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B11.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B51.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B53.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B6D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C2B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CB1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CCF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CF9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CFF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1D72.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E07.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E30.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E32.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F0A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F22.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9018.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz904A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz905B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9068.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz907A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90A5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz910C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9157.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9193.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz91B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9204.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9240.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9249.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9254.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92FC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9300.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz939B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BC6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C66.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C8E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CCE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CFD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D7D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D9D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E16.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7EAF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7F21.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FDD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FFF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8125.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8153.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81E3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8203.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz827C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8291.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz82F6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz83.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8334.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8377.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8463.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D1C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D9B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6DC7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EAA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EF2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6F3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FCB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7024.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz702C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz703A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz707B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz70F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz712A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7139.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz713D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz715E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71EF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71F1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz721D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7317.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz731B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7338.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz734D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz73A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC34.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC4F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBCE1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD53.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD75.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD9E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE69.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEAA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBECD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF41.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF48.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF7C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF88.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF91.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBFA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC064.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC08D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC09A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0A7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0E3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC12.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC138.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC19.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1A9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1DB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C21.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4CF9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D38.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D49.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4DDD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E12.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E36.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4EE2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F19.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F2F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F9C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5014.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5034.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5043.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz504F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5054.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5062.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5064.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5077.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz508.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz513.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz514F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5173.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FEB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4036.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz408C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz40E5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz412F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4170.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4191.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz421F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4251.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz429F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4322.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4330.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4365.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz443C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4451.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz450.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4502.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz453.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4556.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz455A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz45E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4605.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz463D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4675.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46A4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E39.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9F75.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FA0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FAB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA00E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA01D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA02E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA030.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA080.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA108.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
     
  18. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Mbar log Part 3 exceeds 50,000 chr also.

    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA14C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1C0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD27D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2AA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2B6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD35B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD370.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD39C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD419.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD453.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD479.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD494.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD527.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD54F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD570.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD62B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD65.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD691.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD698.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6F3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD710.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD72C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD731.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD779.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE659.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6AA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6EC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE765.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE776.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE77A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE85B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE89B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8C7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8F8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE912.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE996.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA4A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA53.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA61.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAAE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAEE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAF1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A30.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2AF6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B82.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2BAA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C66.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C72.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C73.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CBA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CC1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D14.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D23.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D65.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E36.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E4E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E68.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EFA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F5C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz354F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3551.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz355D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3566.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3571.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3577.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3591.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35AD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3611.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3662.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3672.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz36D2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz370A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3721.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz373E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz37A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3809.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3828.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3863.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3975.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A40.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AAF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ACF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AD6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ADD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8B39.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BB2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BE4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BF2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C33.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C3F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8CA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D10.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D2D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DAB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DE3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DEE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DF4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E02.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E59.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E85.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E8A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E96.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F25.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F35.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F43.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF046.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF080.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF09.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF0FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF146.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF176.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF202.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF265.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF276.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF27C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2CF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF336.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF33D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF36B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF37E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3BA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3F9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF401.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF44D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF46A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF478.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF47E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4BC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB23.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBF9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBFA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC21.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC46.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC5C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC67.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD79.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDEA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFE4E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFEC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF44.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF6B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC716.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC776.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC7C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC843.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC854.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC857.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC874.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC93F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC981.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9CF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9DF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCABE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB1F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB2E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB5B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBCC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBB1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC40.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC78.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC98.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC9D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCD6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD1F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD41.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD6D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE03.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE9E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDF70.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFCF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFEC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE01C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE026.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE083.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE103.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93E5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz979.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D4D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA24E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA877.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB197.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5EE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC705.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD24D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7B1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE648.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF022.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF573.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB11.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz565C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56A8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56BF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56E8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz571.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57AE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz582C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5839.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5878.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz587E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz58F1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5924.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5930.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5951.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A3B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A4C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A6E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5AE2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61EF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61F5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz625D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62D2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6336.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6349.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63D1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63DC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63E8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63ED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6467.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64EE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz651A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz654.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz659D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65CF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F74.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F77.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F80.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FD3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2072.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2094.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2095.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2104.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2117.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2145.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz214F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz220B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz226D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2279.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2370.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2388.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz238A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23E6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23ED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz947E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9491.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94B1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94BE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94D0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz950B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9581.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz95AD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz963.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz966.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz967A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96BF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9742.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9744.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9766.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9772.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA87C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA881.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA887.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8DB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8FC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA957.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA95E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA97B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA989.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA999.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA9F3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA27.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA42.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA4F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA71.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA9C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAB6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAFB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB3A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB8C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzABBE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz15B7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1622.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1637.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1639.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz163E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1698.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1792.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1819.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz184A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1883.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1899.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz191C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz194E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1979.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1992.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1C1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB22A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB265.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB266.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2F3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB365.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB374.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB377.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB458.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB474.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB499.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB501.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB504.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB52E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB53F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB560.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7819.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7868.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7897.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz78E6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7907.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz791F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7937.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7957.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7999.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz79B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A25.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A29.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A2A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A49.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AAE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7ACA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7B29.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
     
  19. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  20. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    ComboFix 13-12-24.02 - Phantom 12/25/2013 16:29:21.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9239 [GMT -6:00]
    Running from: c:\users\Phantom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BT40UIEG\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\END
    C:\Install.exe
    c:\program files (x86)\AVG Antivirus 2011
    c:\users\Phantom\AppData\Local\assembly\tmp
    c:\users\Phantom\AppData\Roaming\Izqupu
    c:\users\Phantom\AppData\Roaming\Izqupu\xaeza.vih
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\Direction\backward.gif
    c:\windows\SysWow64\images\Direction\backward_disabled.gif
    c:\windows\SysWow64\images\Direction\down.gif
    c:\windows\SysWow64\images\Direction\end.gif
    c:\windows\SysWow64\images\Direction\end_disabled.gif
    c:\windows\SysWow64\images\Direction\fastbackward.gif
    c:\windows\SysWow64\images\Direction\fastbackward_disabled.gif
    c:\windows\SysWow64\images\Direction\fastforward.gif
    c:\windows\SysWow64\images\Direction\fastforward_disabled.gif
    c:\windows\SysWow64\images\Direction\forward.gif
    c:\windows\SysWow64\images\Direction\forward_disabled.gif
    c:\windows\SysWow64\images\Direction\goto.gif
    c:\windows\SysWow64\images\Direction\goto_disabled.gif
    c:\windows\SysWow64\images\Direction\start.gif
    c:\windows\SysWow64\images\Direction\start_disabled.gif
    c:\windows\SysWow64\images\Direction\up.gif
    c:\windows\SysWow64\images\misc\bell.gif
    c:\windows\SysWow64\images\toolbar\addallfield.gif
    c:\windows\SysWow64\images\toolbar\addallfield_disabled.gif
    c:\windows\SysWow64\images\toolbar\addallfield_over.gif
    c:\windows\SysWow64\images\toolbar\addfield.gif
    c:\windows\SysWow64\images\toolbar\addfield_disabled.gif
    c:\windows\SysWow64\images\toolbar\addfield_over.gif
    c:\windows\SysWow64\images\toolbar\bologo.gif
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\first.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\firstd.gif
    c:\windows\SysWow64\images\toolbar\firstresults.gif
    c:\windows\SysWow64\images\toolbar\firstresults_over.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\help.gif
    c:\windows\SysWow64\images\toolbar\help_over.gif
    c:\windows\SysWow64\images\toolbar\interact.gif
    c:\windows\SysWow64\images\toolbar\interact_over.gif
    c:\windows\SysWow64\images\toolbar\interactd.gif
    c:\windows\SysWow64\images\toolbar\last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\lastd.gif
    c:\windows\SysWow64\images\toolbar\lastresults.gif
    c:\windows\SysWow64\images\toolbar\lastresults_over.gif
    c:\windows\SysWow64\images\toolbar\left_button.gif
    c:\windows\SysWow64\images\toolbar\mblackarrow.gif
    c:\windows\SysWow64\images\toolbar\mdownarrow.gif
    c:\windows\SysWow64\images\toolbar\mdownfield.gif
    c:\windows\SysWow64\images\toolbar\mdownfield_over.gif
    c:\windows\SysWow64\images\toolbar\middle_button.gif
    c:\windows\SysWow64\images\toolbar\mlogo.gif
    c:\windows\SysWow64\images\toolbar\mtitleimage.gif
    c:\windows\SysWow64\images\toolbar\muparrow.gif
    c:\windows\SysWow64\images\toolbar\mupfield.gif
    c:\windows\SysWow64\images\toolbar\mupfield_over.gif
    c:\windows\SysWow64\images\toolbar\next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\nextd.gif
    c:\windows\SysWow64\images\toolbar\nextresults.gif
    c:\windows\SysWow64\images\toolbar\nextresults_over.gif
    c:\windows\SysWow64\images\toolbar\prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\prevd.gif
    c:\windows\SysWow64\images\toolbar\prevresults.gif
    c:\windows\SysWow64\images\toolbar\prevresults_over.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\removeallfield.gif
    c:\windows\SysWow64\images\toolbar\removeallfield_disabled.gif
    c:\windows\SysWow64\images\toolbar\removeallfield_over.gif
    c:\windows\SysWow64\images\toolbar\removefield.gif
    c:\windows\SysWow64\images\toolbar\removefield_disabled.gif
    c:\windows\SysWow64\images\toolbar\removefield_over.gif
    c:\windows\SysWow64\images\toolbar\right_button.gif
    c:\windows\SysWow64\images\toolbar\search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\separator.gif
    c:\windows\SysWow64\images\toolbar\tab_fill_sel.gif
    c:\windows\SysWow64\images\toolbar\tab_fill_unsel.gif
    c:\windows\SysWow64\images\toolbar\tab_left_sel.gif
    c:\windows\SysWow64\images\toolbar\tab_left_unsel.gif
    c:\windows\SysWow64\images\toolbar\tab_right_sel.gif
    c:\windows\SysWow64\images\toolbar\tab_right_unsel.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\toolbar\view.gif
    c:\windows\SysWow64\images\toolbar\view_over.gif
    c:\windows\SysWow64\images\toolbar\viewpressed.gif
    c:\windows\SysWow64\images\toolbar\wizard.gif
    c:\windows\SysWow64\images\toolbar\wizard_over.gif
    c:\windows\SysWow64\images\toolbar\wizardpressed.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\emptybox.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\magnify.gif
    c:\windows\SysWow64\images\tree\mdownarrow.gif
    c:\windows\SysWow64\images\tree\minubox.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\muparrow.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\resizebar.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_WinDHCPsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-25 to 2013-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-25 06:36 . 2013-12-25 06:36 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-24 21:52 . 2013-12-24 21:52 325120 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
    2013-12-24 21:51 . 2013-12-24 21:51 467456 ----a-w- c:\windows\system32\drivers\srv.sys.bak
    2013-12-24 21:50 . 2013-12-24 21:50 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys.bak
    2013-12-24 21:49 . 2013-12-24 21:49 16960 ----a-w- c:\windows\system32\drivers\intelide.sys.bak
    2013-12-24 21:48 . 2013-12-24 21:48 147456 ----a-w- c:\windows\system32\drivers\cdrom.sys.bak
    2013-12-24 04:48 . 2013-12-24 04:48 -------- d-----w- c:\windows\SysWow64\wbem\Logs
    2013-12-24 04:47 . 2013-12-24 04:47 -------- d-----w- C:\FRST
    2013-12-21 22:46 . 2013-12-21 22:46 -------- d-----w- c:\users\Phantom\AppData\Roaming\Malwarebytes
    2013-12-21 22:46 . 2013-12-21 22:46 -------- d-----w- c:\programdata\Malwarebytes
    2013-12-21 22:46 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-21 22:46 . 2013-12-21 22:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-12-21 04:41 . 2013-12-21 04:41 -------- d-----w- c:\users\Phantom\AppData\Roaming\eCyber
    2013-12-21 04:40 . 2013-12-21 04:40 -------- d-----w- c:\users\Phantom\.android
    2013-12-21 04:40 . 2013-12-21 04:45 -------- d-----w- c:\users\Phantom\AppData\Local\cache
    2013-12-21 04:40 . 2013-12-21 04:40 -------- d-----w- c:\users\Phantom\AppData\Local\genienext
    2013-12-21 04:40 . 2013-12-24 04:43 -------- d-----w- c:\users\Phantom\AppData\Local\Mobogenie
    2013-12-21 04:39 . 2013-12-21 04:39 -------- d-----w- c:\windows\system32\log
    2013-12-21 04:38 . 2013-12-21 22:39 -------- d-----w- c:\users\Phantom\AppData\Roaming\iSafe
    2013-12-21 04:38 . 2013-12-24 04:43 -------- d-----w- c:\program files (x86)\Mobogenie
    2013-12-20 21:41 . 2013-12-21 06:18 -------- d-----w- c:\users\Phantom\AppData\Roaming\AVG2014
    2013-12-20 21:39 . 2013-12-20 21:39 -------- d-----w- c:\users\Phantom\AppData\Roaming\TuneUp Software
    2013-12-20 21:37 . 2013-12-21 03:05 -------- d-----w- c:\programdata\AVG2014
    2013-12-20 21:36 . 2013-12-21 06:17 -------- d-----w- c:\program files (x86)\AVG
    2013-12-20 21:34 . 2013-12-20 21:34 -------- d--h--w- c:\programdata\Common Files
    2013-12-20 21:34 . 2013-12-21 06:17 -------- d-----w- c:\programdata\MFAData
    2013-12-20 21:34 . 2013-12-20 21:34 -------- d-----w- c:\users\Phantom\AppData\Local\MFAData
    2013-12-20 20:38 . 2013-12-20 20:38 -------- d-----w- c:\programdata\CDB
    2013-12-20 09:01 . 2013-12-20 09:01 -------- d-----w- c:\windows\Microsoft Antimalware
    2013-12-20 05:51 . 2013-12-20 05:51 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-12-20 05:51 . 2013-12-20 05:51 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-12-20 04:14 . 2013-12-20 05:36 -------- d-----w- c:\programdata\AVAST Software
    2013-12-19 21:46 . 2013-12-25 08:09 -------- d-----w- c:\users\Phantom\AppData\Roaming\Ahkomua
    2013-12-16 09:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2013-12-16 09:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2013-12-16 09:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2013-12-16 09:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2013-12-16 05:17 . 2013-12-16 05:17 -------- d-----w- c:\users\Phantom\AppData\Local\NVIDIA Corporation
    2013-12-16 05:17 . 2013-11-29 16:58 979744 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2013-12-16 05:17 . 2013-11-29 16:58 1096480 ----a-w- c:\windows\system32\nvspcap64.dll
    2013-12-16 05:16 . 2013-10-30 17:03 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2013-12-16 05:16 . 2013-10-30 17:02 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2013-12-16 05:16 . 2013-10-30 17:02 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2013-12-16 05:09 . 2013-12-16 05:09 -------- d-----w- c:\users\Phantom\AppData\Roaming\HPAppData
    2013-12-16 04:05 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-12-16 04:04 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
    2013-12-16 04:04 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
    2013-12-16 04:04 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
    2013-12-16 04:04 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-12-16 04:04 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2013-12-16 04:04 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2013-12-16 04:04 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
    2013-12-16 04:04 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
    2013-12-16 04:03 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
    2013-12-16 04:03 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
    2013-12-16 04:03 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
    2013-12-16 04:03 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
    2013-12-16 04:03 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-16 09:24 . 2012-04-02 01:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-16 09:24 . 2011-05-17 20:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-16 09:01 . 2010-11-21 22:51 90708896 ----a-w- c:\windows\system32\MRT.exe
    2013-12-16 07:54 . 2013-12-24 21:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74426DF0-FE37-4CDC-9167-AA8B4C3A9507}\mpengine.dll
    2013-12-16 04:03 . 2011-04-13 03:20 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2013-12-16 04:02 . 2011-04-13 03:20 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2013-11-26 18:25 . 2010-11-21 22:51 267936 ------w-c:\windows\system32\MpSigStub.exe
    2013-11-26 06:33 . 2013-12-16 09:03 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-11-23 18:26 . 2013-12-16 04:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-11-14 23:03 . 2013-11-14 23:03 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-11-14 23:03 . 2013-11-14 23:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-11-14 23:03 . 2013-11-14 23:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-11-14 23:03 . 2013-11-14 23:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2013-11-14 23:03 . 2013-11-14 23:03 235008 ----a-w- c:\windows\system32\elshyph.dll
    2013-11-14 23:03 . 2013-11-14 23:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-11-14 23:03 . 2013-11-14 23:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-11-14 23:03 . 2013-11-14 23:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-11-14 23:03 . 2013-11-14 23:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-11-14 23:03 . 2013-11-14 23:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2013-11-14 23:03 . 2013-11-14 23:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-11-14 23:03 . 2013-11-14 23:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2013-11-14 23:03 . 2013-11-14 23:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-11-14 23:03 . 2013-11-14 23:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-11-14 23:03 . 2013-11-14 23:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-11-14 23:03 . 2013-11-14 23:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2013-11-14 23:03 . 2013-11-14 23:03 337408 ----a-w- c:\windows\SysWow64\html.iec
    2013-11-14 23:03 . 2013-11-14 23:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-11-14 23:03 . 2013-11-14 23:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-11-14 23:03 . 2013-11-14 23:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-11-14 23:03 . 2013-11-14 23:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-11-14 23:03 . 2013-11-14 23:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-11-14 23:03 . 2013-11-14 23:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-11-14 23:03 . 2013-11-14 23:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-11-14 23:03 . 2013-11-14 23:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2013-11-14 23:03 . 2013-11-14 23:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-11-14 23:03 . 2013-11-14 23:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-11-14 23:03 . 2013-11-14 23:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
    2013-11-14 23:03 . 2013-11-14 23:03 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-11-14 23:03 . 2013-11-14 23:03 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-11-14 23:03 . 2013-11-14 23:03 626176 ----a-w- c:\windows\system32\msfeeds.dll
    2013-11-14 23:03 . 2013-11-14 23:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-11-14 23:03 . 2013-11-14 23:03 548352 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-14 23:03 . 2013-11-14 23:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-11-14 23:03 . 2013-11-14 23:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-11-14 23:03 . 2013-11-14 23:03 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-11-14 23:03 . 2013-11-14 23:03 413696 ----a-w- c:\windows\system32\html.iec
    2013-11-14 23:03 . 2013-11-14 23:03 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2013-11-14 23:03 . 2013-11-14 23:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2013-11-14 23:03 . 2013-11-14 23:03 296960 ----a-w- c:\windows\system32\dxtrans.dll
    2013-11-14 23:03 . 2013-11-14 23:03 263376 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-11-14 23:03 . 2013-11-14 23:03 247808 ----a-w- c:\windows\system32\msls31.dll
    2013-11-14 23:03 . 2013-11-14 23:03 243200 ----a-w- c:\windows\system32\webcheck.dll
    2013-11-14 23:03 . 2013-11-14 23:03 235520 ----a-w- c:\windows\system32\url.dll
    2013-11-14 23:03 . 2013-11-14 23:03 195584 ----a-w- c:\windows\system32\msrating.dll
    2013-11-14 23:03 . 2013-11-14 23:03 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-11-14 23:03 . 2013-11-14 23:03 143872 ----a-w- c:\windows\system32\wextract.exe
    2013-11-14 23:03 . 2013-11-14 23:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-11-14 23:03 . 2013-11-14 23:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-11-14 23:03 . 2013-11-14 23:03 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-11-14 23:03 . 2013-11-14 23:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2013-11-14 23:03 . 2013-11-14 23:03 101376 ----a-w- c:\windows\system32\inseng.dll
    2013-11-14 23:03 . 2013-11-14 23:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2013-11-14 23:03 . 2013-11-14 23:03 774144 ----a-w- c:\windows\system32\jscript.dll
    2013-11-14 23:03 . 2013-11-14 23:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2013-11-14 23:03 . 2013-11-14 23:03 48128 ----a-w- c:\windows\system32\imgutil.dll
    2013-11-14 23:03 . 2013-11-14 23:03 147968 ----a-w- c:\windows\system32\occache.dll
    2013-11-14 23:03 . 2013-11-14 23:03 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-11-14 23:03 . 2013-11-14 23:03 135680 ----a-w- c:\windows\system32\iepeers.dll
    2013-11-14 22:41 . 2013-05-03 19:11 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-11-14 11:55 . 2012-10-11 03:23 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-11-14 11:55 . 2013-09-18 03:22 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-11-14 11:55 . 2013-09-18 03:22 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
    2013-11-14 11:55 . 2013-09-18 03:22 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-11-14 11:55 . 2013-09-18 03:22 3069608 ----a-w- c:\windows\system32\nvapi64.dll
    2013-11-14 11:55 . 2013-09-18 03:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-11-12 02:07 . 2013-12-16 04:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-11-11 15:02 . 2010-10-16 19:13 6674208 ----a-w- c:\windows\system32\nvcpl.dll
    2013-11-11 15:02 . 2010-10-16 19:13 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-11-11 15:01 . 2010-10-16 19:13 922912 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-11-11 15:01 . 2010-10-16 19:13 219424 ----a-w- c:\windows\system32\nvmctray.dll
    2013-11-11 15:01 . 2010-10-08 09:22 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-11-11 15:01 . 2012-02-22 00:36 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
    2013-11-11 14:59 . 2013-11-11 14:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-11-08 20:37 . 2011-04-11 02:25 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-10-24 01:13 . 2013-10-24 01:13 21504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Offline Scanner\FilesList32.dll
    2013-10-23 10:30 . 2013-11-15 01:14 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
    2013-10-23 10:30 . 2013-11-15 01:14 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
    2013-10-15 00:00 . 2013-03-23 19:19 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2013-10-12 02:30 . 2013-11-12 20:17 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-12 20:17 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-12 20:17 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:04 . 2013-12-16 04:03 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
    2013-10-12 02:03 . 2013-12-16 04:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
    2013-10-12 02:03 . 2013-11-12 20:17 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-12 20:17 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    2013-10-12 01:15 . 2013-12-16 04:03 141824 ----a-w- c:\windows\SysWow64\wscript.exe
    2013-10-05 20:25 . 2013-11-12 20:18 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-05 19:57 . 2013-11-12 20:18 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-10-04 02:28 . 2013-11-12 20:18 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-10-04 02:25 . 2013-11-12 20:18 197120 ----a-w- c:\windows\system32\credui.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PHOTOfunSTUDIO 9.0 LE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 9.0 LE\PHOTOfunSTUDIO.exe" [2013-5-11 167624]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 cpuz134;cpuz134;c:\users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [x]
    R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:24]
    .
    2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 23:59]
    .
    2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 23:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Search_URL =
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page =
    mWindow Title = Microsoft Internet Explorer
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 24.159.193.40 24.205.224.36
    DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4115959996-671547687-3831804364-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:da,9f,42,94,bf,87,9c,da,28,ad,79,83,6a,0d,a0,83,b3,50,8a,43,34,
    99,e8,07,2a,51,63,9f,cb,23,f1,6c,05,83,af,e6,ac,52,77,b9,d7,13,50,7f,96,ae,\
    "rkeysecu"=hex:a3,26,81,76,7a,fa,42,be,41,09,2b,04,ae,42,3f,cc
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    .
    **************************************************************************
    .
    Completion time: 2013-12-25 17:02:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-12-25 23:02
    .
    Pre-Run: 822,439,702,528 bytes free
    Post-Run: 821,689,786,368 bytes free
    .
    - - End Of File - - E3177F92725756AC5E6CF0E84C14091B
    A36C5E4F47E84449FF07ED3517B43A31
     
  21. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    How is computer doing?

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Broni,
    I will be unavailable for about a wee., Please keep my thread open. I will continue as soon as possible. Thanks for all your help. Roger

    # AdwCleaner v3.016 - Report created 26/12/2013 at 12:11:10
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Phantom - PHANTOM-PC
    # Running from : C:\Users\Phantom\Desktop\adwcleaner.exe
    # Option : Scan
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    File Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\bingp.xml
    File Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\Mysearchdial.xml
    File Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\user.js
    Folder Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
    Folder Found C:\Program Files (x86)\Conduit
    Folder Found C:\Program Files (x86)\Mobogenie
    Folder Found C:\Program Files (x86)\MyPC Backup
    Folder Found C:\Program Files (x86)\SpeedyPC Software
    Folder Found C:\ProgramData\apn
    Folder Found C:\ProgramData\SpeedyPC Software
    Folder Found C:\Users\Phantom\AppData\Local\Conduit
    Folder Found C:\Users\Phantom\AppData\Local\Mobogenie
    Folder Found C:\Users\Phantom\AppData\Local\SwvUpdater
    Folder Found C:\Users\Phantom\AppData\LocalLow\Conduit
    Folder Found C:\Users\Phantom\AppData\LocalLow\PriceGong
    Folder Found C:\Users\Phantom\AppData\Roaming\digitalsite
    Folder Found C:\Users\Phantom\AppData\Roaming\DriverCure
    Folder Found C:\Users\Phantom\AppData\Roaming\iSafe
    Folder Found C:\Users\Phantom\AppData\Roaming\SpeedyPC Software
    Folder Found C:\Users\Phantom\Documents\Mobogenie
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\SpeedyPC Software
    Key Found : HKCU\Software\wecarereminder
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : [x64] HKCU\Software\dsiteproducts
    Key Found : [x64] HKCU\Software\IM
    Key Found : [x64] HKCU\Software\ImInstaller
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKCU\Software\SpeedyPC Software
    Key Found : [x64] HKCU\Software\wecarereminder
    Key Found : [x64] HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Key Found : HKLM\Software\SpeedyPC Software
    Key Found : HKLM\Software\Uniblue
    Key Found : [x64] HKLM\SOFTWARE\DomaIQ
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
    Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16428
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0C0B0Fzz0AyBtDtBtCtBtN0D0Tzu0SyCzzyEtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
    -\\ Mozilla Firefox v
    [ File : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\prefs.js ]
    Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
    *************************
    AdwCleaner[R0].txt - [4807 octets] - [26/12/2013 12:11:21]
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4867 octets] ##########
     
  23. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Sorry log after running Clean


    # AdwCleaner v3.016 - Report created 26/12/2013 at 12:27:37
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Phantom - PHANTOM-PC
    # Running from : C:\Users\Phantom\Desktop\adwcleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\SpeedyPC Software
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Mobogenie
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\SpeedyPC Software
    Folder Deleted : C:\Users\Phantom\AppData\Local\Conduit
    Folder Deleted : C:\Users\Phantom\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\Phantom\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Phantom\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Phantom\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Phantom\AppData\Roaming\digitalsite
    Folder Deleted : C:\Users\Phantom\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Phantom\AppData\Roaming\iSafe
    Folder Deleted : C:\Users\Phantom\AppData\Roaming\SpeedyPC Software
    Folder Deleted : C:\Users\Phantom\Documents\Mobogenie
    Folder Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
    File Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\bingp.xml
    File Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\Mysearchdial.xml
    File Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\user.js
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\SpeedyPC Software
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\SpeedyPC Software
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
    Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16428
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    -\\ Mozilla Firefox v
    [ File : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\prefs.js ]
    Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
    *************************
    AdwCleaner[R0].txt - [4991 octets] - [26/12/2013 12:11:21]
    AdwCleaner[S0].txt - [4465 octets] - [26/12/2013 12:27:37]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4525 octets] ##########
     
  24. Roger8118

    Roger8118 TS Rookie Topic Starter Posts: 40

    Can no longer access any Office Products including Control panel to change security settings, so I can't run JRT from desktop. Can't get email from Outlook.
    I will try my laptop to retrieve email.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    When exactly did it happen?
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.