Solved Newbie with DOS/Rovnix.V virus

[Roger8118]

Please forgive me if I am not doing this correctly. I am trying to follow the posted instructions. I tried Windows Defender Offline/AVG/YAC to no avail. Thanks in advance for anyone that can help me.

Roger


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.21.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Phantom :: PHANTOM-PC [administrator]
12/21/2013 4:47:26 PM
MBAM-log-2013-12-21 (16-59-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293478
Time elapsed: 11 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
Registry Keys Detected: 10
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
Registry Values Detected: 6
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> No action taken.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 6
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338 (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
Files Detected: 11
C:\ProgramData\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\62.ico (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\80.ico (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Phantom\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
(end)


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/20/2010 9:52:23 PM
System Uptime: 12/21/2013 3:27:40 PM (7 hours ago)
.
Motherboard: MSI | | MSI X58 Pro-E (MS-7522)
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | CPU 1 | 2514/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 765.101 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6500 E709n
Device ID: ROOT\IMAGE\0001
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\IMAGE\0001
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP532: 12/19/2013 10:15:11 PM - avast! antivirus system restore point
RP533: 12/19/2013 10:26:05 PM - avast! antivirus system restore point
RP534: 12/19/2013 11:32:48 PM - avast! antivirus system restore point
RP535: 12/20/2013 3:20:31 PM - AA11
RP536: 12/20/2013 3:35:56 PM - Installed AVG 2014
RP537: 12/20/2013 3:36:25 PM - Installed AVG 2014
RP538: 12/20/2013 8:45:20 PM - Removed 7-Zip 9.21
RP539: 12/20/2013 8:52:02 PM - Removed AVG 2014
RP540: 12/20/2013 9:02:25 PM - Removed AVG 2014
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.

I still need DDS.txt log.

 

[Roger8118]

I rescanned and checked and deleted all Items. I then ran a scan with DDS.com and it makes the attach.txt but not the DDs.txt, I don't know what I am doing wrong. Deleted and redownloaded but didn't help.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.21.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Phantom :: PHANTOM-PC [administrator]
12/22/2013 5:54:23 PM
mbam-log-2013-12-22 (17-54-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340641
Time elapsed: 32 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
Registry Keys Detected: 10
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
Registry Values Detected: 6
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {6CAF0C1E-DE19-11E2-9493-406186CBF8A7} -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 6
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
Files Detected: 11
C:\ProgramData\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\mysearchdial\icons_2.2.13.1338\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Phantom\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
(end)
.

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/20/2010 9:52:23 PM
System Uptime: 12/22/2013 9:37:41 PM (1 hours ago)
.
Motherboard: MSI | | MSI X58 Pro-E (MS-7522)
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | CPU 1 | 3067/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 763.629 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6500 E709n
Device ID: ROOT\IMAGE\0001
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\IMAGE\0001
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP532: 12/19/2013 10:15:11 PM - avast! antivirus system restore point
RP533: 12/19/2013 10:26:05 PM - avast! antivirus system restore point
RP534: 12/19/2013 11:32:48 PM - avast! antivirus system restore point
RP535: 12/20/2013 3:20:31 PM - AA11
RP536: 12/20/2013 3:35:56 PM - Installed AVG 2014
RP537: 12/20/2013 3:36:25 PM - Installed AVG 2014
RP538: 12/20/2013 8:45:20 PM - Removed 7-Zip 9.21
RP539: 12/20/2013 8:52:02 PM - Removed AVG 2014
RP540: 12/20/2013 9:02:25 PM - Removed AVG 2014
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================

 

[Broni]

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[Roger8118]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
Ran by Phantom (administrator) on PHANTOM-PC on 23-12-2013 22:47:44
Running from C:\Users\Phantom\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-24] (Google Inc.)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [NoSecCPL] 0
HKCU\...\Policies\system: [NoDispCPL] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispScrSavPage] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\system: [NoDevMgrPage] 0
HKCU\...\Policies\system: [NoConfigPage] 0
HKCU\...\Policies\system: [NoVirtMemPage] 0
HKCU\...\Policies\system: [NoFileSysPage] 0
HKCU\...\Policies\system: [NoNetSetup] 0
HKCU\...\Policies\system: [NoNetSetupIDPage] 0
HKCU\...\Policies\system: [NoNetSetupSecurityPage] 0
HKCU\...\Policies\system: [NoWorkgroupContents] 0
HKCU\...\Policies\system: [NoEntireNetwork] 0
HKCU\...\Policies\system: [NoFileSharingControl] 0
HKCU\...\Policies\Explorer: [NoThumbnailCache] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKCU\...\Policies\Explorer: [RestrictRun] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {2ed51819-0496-11e0-acec-406186cbf8a7} - E:\LaunchU3.exe -a
MountPoints2: {b93aba28-3b24-11e2-90c3-406186cbf8a7} - E:\autorunner.exe "John Deere New Products 2012.exe"
MountPoints2: {e4f56448-7f53-11e1-84ab-406186cbf8a7} - E:\MotoCastSetup.exe -a
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12D03BCF7226CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={6CAF0C1E-DE19-11E2-9493-406186CBF8A7}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/...1-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q...-9493-406186CBF8A7}&crg=3.5000006.10042&st=23
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM-x32 - No Name - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {01025D1C-BB03-4369-8344-732CD0DCCCF0} http://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.159.193.40 24.205.224.36
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-11-21] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-05-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S4 Ntfddmkm; No ImagePath
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-14] ()
S3 cpuz134; \??\C:\Users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
U0 helpsvc;
U0 ImapiService;
U0 Irmon;
U0 Messenger;
U0 srservice;
U0 UPS;
U0 WinDHCPsvc;
U0 WZCSVC;
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-23 22:47 - 2013-12-23 22:48 - 00014535 _____ C:\Users\Phantom\Downloads\FRST.txt
2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Downloads\FRST64.exe
2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
2013-12-23 22:04 - 2013-12-23 22:08 - 00001751 _____ C:\Users\Phantom\Desktop\attach.txt
2013-12-23 22:02 - 2013-12-23 22:03 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
2013-12-22 13:23 - 2013-12-22 18:34 - 00004840 _____ C:\Windows\PFRO.log
2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 16:46 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
2013-12-21 14:25 - 2013-12-23 12:56 - 00001176 _____ C:\Windows\setupact.log
2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
2013-12-20 22:40 - 2013-12-23 22:43 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
2013-12-20 22:40 - 2013-12-22 21:37 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
2013-12-20 22:40 - 2013-12-20 22:45 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
2013-12-20 22:38 - 2013-12-23 22:43 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-20 22:38 - 2013-12-21 16:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
2013-12-20 15:41 - 2013-12-21 00:18 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
2013-12-20 15:37 - 2013-12-20 21:05 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-20 15:36 - 2013-12-21 00:17 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-20 15:34 - 2013-12-21 00:17 - 00000000 ____D C:\ProgramData\MFAData
2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
2013-12-20 14:35 - 2013-12-20 14:39 - 00000162 _____ C:\Windows\Reimage.ini
2013-12-20 14:11 - 2013-12-20 14:12 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-19 22:14 - 2013-12-19 23:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
2013-12-19 15:46 - 2013-12-22 17:58 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
2013-12-16 03:04 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-16 03:04 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-16 03:04 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-16 03:04 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-16 03:03 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-16 03:03 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-16 03:03 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-16 03:03 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-16 03:03 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-16 03:03 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-16 03:03 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-16 03:03 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-16 03:03 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-16 03:03 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-16 03:03 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-16 03:03 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-16 03:03 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-16 03:03 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-16 03:03 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-16 03:03 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-16 03:03 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-16 03:03 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-16 03:03 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-16 03:03 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-16 03:03 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-16 03:03 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-16 03:03 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-16 03:03 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-16 03:03 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-16 03:03 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-16 03:03 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-16 03:03 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-16 03:03 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-16 03:03 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-16 03:03 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
2013-12-15 23:17 - 2013-11-29 10:58 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-15 23:17 - 2013-11-29 10:58 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-15 23:16 - 2013-10-30 11:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-15 23:16 - 2013-10-30 11:02 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-15 23:16 - 2013-10-30 11:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-15 23:04 - 2013-11-14 05:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-15 22:05 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-15 22:05 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-15 22:04 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-15 22:04 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-15 22:04 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-15 22:04 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-15 22:04 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-15 22:04 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-15 22:04 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-15 22:04 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-15 22:04 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-15 22:03 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-15 22:03 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-15 22:03 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-15 22:03 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-15 22:03 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-15 22:03 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-15 22:03 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-15 22:03 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
==================== One Month Modified Files and Folders =======
2013-12-23 22:48 - 2013-12-23 22:47 - 00014535 _____ C:\Users\Phantom\Downloads\FRST.txt
2013-12-23 22:48 - 2010-11-24 17:59 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Downloads\FRST64.exe
2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
2013-12-23 22:43 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
2013-12-23 22:43 - 2013-12-20 22:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-23 22:41 - 2011-01-25 14:05 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-23 22:40 - 2013-11-14 18:40 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-12-23 22:36 - 2010-10-29 11:04 - 01131181 _____ C:\Windows\WindowsUpdate.log
2013-12-23 22:08 - 2013-12-23 22:04 - 00001751 _____ C:\Users\Phantom\Desktop\attach.txt
2013-12-23 22:03 - 2013-12-23 22:02 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
2013-12-23 21:52 - 2012-04-01 19:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 19:48 - 2010-11-24 17:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 13:06 - 2010-11-23 02:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Adobe
2013-12-23 13:01 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 13:01 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:56 - 2013-12-21 14:25 - 00001176 _____ C:\Windows\setupact.log
2013-12-23 12:56 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 12:55 - 2010-10-29 11:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-22 22:52 - 2010-12-03 21:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\Deployment
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
2013-12-22 21:37 - 2013-12-20 22:40 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
2013-12-22 18:35 - 2009-07-13 23:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-22 18:34 - 2013-12-22 13:23 - 00004840 _____ C:\Windows\PFRO.log
2013-12-22 18:28 - 2013-11-14 18:40 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\DigitalSite
2013-12-22 17:58 - 2013-12-19 15:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
2013-12-22 13:40 - 2013-11-14 19:40 - 00000101 _____ C:\Users\Phantom\AppData\Roaming\WB.CFG
2013-12-21 23:08 - 2010-11-22 17:05 - 00000000 ____D C:\Users\Phantom\Documents\Roger
2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 16:39 - 2013-12-20 22:38 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
2013-12-21 16:34 - 2013-10-29 00:03 - 00000000 ____D C:\Windows\Minidump
2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 00:18 - 2013-12-20 15:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
2013-12-21 00:18 - 2012-02-21 18:37 - 00000000 ____D C:\Users\UpdatusUser.Phantom-PC
2013-12-21 00:17 - 2013-12-20 15:36 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-21 00:17 - 2013-12-20 15:34 - 00000000 ____D C:\ProgramData\MFAData
2013-12-21 00:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-20 23:47 - 2009-07-13 22:45 - 00015360 _____ C:\Windows\system32\umstartup.etl
2013-12-20 22:45 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
2013-12-20 22:40 - 2010-11-20 21:52 - 00000000 ____D C:\Users\Phantom
2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
2013-12-20 21:54 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-20 21:05 - 2013-12-20 15:37 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
2013-12-20 20:26 - 2010-11-21 01:55 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-20 15:45 - 2013-11-01 12:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\FzgyPack
2013-12-20 15:43 - 2013-03-25 11:36 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Bitcoin
2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
2013-12-20 14:39 - 2013-12-20 14:35 - 00000162 _____ C:\Windows\Reimage.ini
2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
2013-12-20 14:12 - 2013-12-20 14:11 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-19 23:36 - 2013-12-19 22:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-19 22:21 - 2010-11-24 17:59 - 00000000 ____D C:\Users\Phantom\AppData\Local\Google
2013-12-19 22:21 - 2010-11-24 17:58 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-19 22:08 - 2009-07-13 23:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
2013-12-19 00:55 - 2010-11-25 21:06 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-16 13:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 03:24 - 2012-04-01 19:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-16 03:24 - 2012-04-01 19:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-16 03:24 - 2011-05-17 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-16 03:23 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 03:23 - 2009-07-13 22:45 - 05295112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 03:04 - 2010-11-21 01:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-16 03:02 - 2013-08-15 01:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 03:01 - 2010-11-21 16:51 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
2013-12-15 23:17 - 2013-11-14 19:22 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA
2013-12-15 23:17 - 2010-10-29 11:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-05 01:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-29 19:43 - 2010-11-24 17:59 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-29 19:43 - 2010-11-24 17:59 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-29 10:58 - 2013-12-15 23:17 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-29 10:58 - 2013-12-15 23:17 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
2013-11-26 05:54 - 2013-12-16 03:03 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 04:19 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 04:18 - 2013-12-16 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 04:11 - 2013-12-16 03:03 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 03:48 - 2013-12-16 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 03:46 - 2013-12-16 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 03:41 - 2013-12-16 03:03 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 03:29 - 2013-12-16 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 03:27 - 2013-12-16 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 03:23 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 03:21 - 2013-12-16 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 03:18 - 2013-12-16 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 03:18 - 2013-12-16 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 03:16 - 2013-12-16 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 02:57 - 2013-12-16 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 02:38 - 2013-12-16 03:03 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 02:38 - 2013-12-16 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 02:35 - 2013-12-16 03:03 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 02:32 - 2013-12-16 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 02:28 - 2013-12-16 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 02:16 - 2013-12-16 03:03 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 02:02 - 2013-12-16 03:03 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 01:48 - 2013-12-16 03:03 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 01:32 - 2013-12-16 03:03 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 01:26 - 2013-12-16 03:03 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 01:07 - 2013-12-16 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 00:40 - 2013-12-16 03:03 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 00:34 - 2013-12-16 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 00:34 - 2013-12-16 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 00:33 - 2013-12-16 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 00:27 - 2013-12-16 03:03 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 12:26 - 2013-12-15 22:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 11:47 - 2013-12-15 22:04 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
C:\Users\Phantom\Photoshop_13_LS16.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-21 20:19
==================== End Of Log ============================

 

[Roger8118]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2013
Ran by Phantom at 2013-12-23 22:48:48
Running from C:\Users\Phantom\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
6500_E709_eDocs (x32 Version: 1.00.0000)
6500_E709_Help (x32 Version: 1.00.0000)
6500_E709n (x32 Version: 140.0.000.000)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0.1)
Adobe Color EU Extra Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Recommended Settings (x32 Version: 1.0)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.42.34)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Setup (x32 Version: 1.0)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
AtHomeConnect version 1.0.1.0 (x32 Version: 1.0.1.0)
AVG 2014 (Version: 14.0.3658)
Bejeweled 3 (x32)
Bejeweled Blitz (x32)
Bing Bar (x32 Version: 7.1.391.0)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (x32)
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (x32)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.7.0.1)
Canon MOV Decoder (x32 Version: 1.7.0.6)
Canon MOV Encoder (x32 Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.6.0.5)
Canon Pro9000 II series Printer Driver
Canon Pro9000 Mark II series User Registration (x32)
Canon Utilities Digital Photo Professional (x32 Version: 3.13.10.0)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities Easy-PhotoPrint Pro (x32)
Canon Utilities EOS Utility (x32 Version: 2.13.10.0)
Canon Utilities My Printer (x32)
Canon Utilities Picture Style Editor (x32 Version: 1.13.10.0)
Canon Utilities Solution Menu (x32)
Canon Utilities ZoomBrowser EX (x32 Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.4.0.4)
CCleaner (Version: 4.07)
CorelDRAW Graphics Suite X3 (x32 Version: 13.2)
Coupon Printer for Windows (x32 Version: 5.0.0.2)
Curse Client (HKCU Version: 5.1.1.792)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
Diablo III (x32)
DocMgr (x32 Version: 130.0.000.000)
DocProc (x32 Version: 140.0.100.000)
EN (x32 Version: 13.1)
Fax (x32 Version: 140.0.213.000)
FHA Software for Windows (x32 Version: 10.04.30)
FHA Software for Windows (x32 Version: 10.10.31)
FHA Software for Windows (x32 Version: 10.11.30)
FHA Software for Windows (x32 Version: 10.12.31)
FHA Software for Windows (x32 Version: 11.01.31)
FHA Software for Windows (x32 Version: 11.02.28)
FHA Software for Windows (x32 Version: 11.03.31)
FHA Software for Windows (x32 Version: 11.04.30)
FHA Software for Windows (x32 Version: 11.05.31)
FHA Software for Windows (x32 Version: 11.06.30)
FHA Software for Windows (x32 Version: 11.07.31)
FHA Software for Windows (x32 Version: 11.08.31)
FHA Software for Windows (x32 Version: 11.09.30)
FHA Software for Windows (x32 Version: 11.10.31)
FHA Software for Windows (x32 Version: 11.11.30)
FHA Software for Windows (x32 Version: 11.12.31)
FHA Software for Windows (x32 Version: 12.01.31)
FHA Software for Windows (x32 Version: 12.02.29)
FHA Software for Windows (x32 Version: 12.03.31)
FHA Software for Windows (x32 Version: 12.05.31)
FHA Software for Windows (x32 Version: 12.06.30)
FHA Software for Windows (x32 Version: 12.08.31)
File Opener Pro (x32)
FontNav (x32 Version: 5.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
Google Update Helper (x32 Version: 1.3.22.3)
GPBaseService2 (x32 Version: 140.0.212.000)
Guild Wars (x32)
Guild Wars 2 (x32)
H&R Block Deluxe + Efile + State 2010 (x32 Version: 10.04.6402)
H&R Block Deluxe + Efile + State 2011 (x32 Version: 11.05.7102)
H&R Block Deluxe + Efile + State 2012 (x32 Version: 12.05.7803)
H&R Block Minnesota 2010 (x32 Version: 1.10.3601)
H&R Block Minnesota 2011 (x32 Version: 1.11.3901)
H&R Block Minnesota 2012 (x32 Version: 1.12.4701)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
ImageMixer 3 SE Ver.6 Transfer Utility (x32 Version: 6.00.018)
ImageMixer 3 SE Ver.6 Video Tools (x32 Version: 6.00.019)
Internet TV for Windows Media Center (x32 Version: 4.2.2.0)
iTunes (Version: 10.2.1.1)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.214.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Camera Codec Pack (Version: 16.0.0652.0621)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NCsoft Launcher (x32 Version: 1.5.25.1)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA 3D Vision Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.8 (Version: 1.8)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182)
NVIDIA Update 10.10.5 (Version: 10.10.5)
NVIDIA Update Core (Version: 10.10.5)
NVIDIA Virtual Audio 1.2.12 (Version: 1.2.12)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
PDF Settings (x32 Version: 1.0)
PDF Settings CS6 (x32 Version: 11.0)
PHOTOfunSTUDIO 9.0 LE (x32 Version: 9.00.017)
ProductContext (x32 Version: 140.0.000.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6194)
RIFT (HKCU)
Scan (x32 Version: 140.0.167.000)
Seagate Manager Installer (x32 Version: 2.01.0600)
SHIELD Streaming (Version: 1.6.75)
SmartWebPrinting (x32 Version: 140.0.213.000)
SolutionCenter (x32 Version: 140.0.214.000)
StarCraft II (x32)
Status (x32 Version: 140.0.256.000)
Steam (x32 Version: 1.0.0.0)
Supreme Commander 2 (x32)
System Requirements Lab (x32)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.213.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager (x32 Version: 4.60)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
WebReg (x32 Version: 140.0.213.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Center Add-in for Flash (x32 Version: 4.1.2.0)
World of Warcraft (x32)
World of Warcraft Beta (x32 Version: 5.0.5.16048)
==================== Restore Points =========================
20-12-2013 04:15:11 avast! antivirus system restore point
20-12-2013 04:26:05 avast! antivirus system restore point
20-12-2013 05:32:48 avast! antivirus system restore point
20-12-2013 21:20:31 AA11
20-12-2013 21:35:56 Installed AVG 2014
20-12-2013 21:36:25 Installed AVG 2014
21-12-2013 02:45:20 Removed 7-Zip 9.21
21-12-2013 02:52:02 Removed AVG 2014
21-12-2013 03:02:25 Removed AVG 2014
==================== Hosts content: ==========================
2009-07-13 20:34 - 2013-05-01 20:01 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {5DDEF55E-5C4D-4F9C-A8D3-D1E04637CFF8} - System32\Tasks\AdobeAAMUpdater-1.0-Phantom-PC-Phantom => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {68A2D8AC-14F5-4DBB-A45C-C4494AAE36AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16] (Adobe Systems Incorporated)
Task: {7BBB07CE-9EBA-41C1-B849-FBEA76D59FFE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A01D168B-DF0B-4AFC-8986-CA9D54F6E694} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
Task: {A2D31C8F-2375-46D9-892D-146632D2BF53} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {AF2D058D-AF3C-4FF8-916B-775127A2864C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4115959996-671547687-3831804364-1000
Task: {B251AEB9-C56C-4328-98B3-786B57310F4A} - System32\Tasks\DigitalSite => C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D2168AA3-F746-452B-BE01-FC3CF46F7CEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
==================== Faulty Device Manager Devices =============
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (12/23/2013 10:12:35 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 31b0
Start Time: 01cf005bafa669f2
Termination Time: 32
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 995ab374-6c51-11e3-b13c-406186cbf8a7
Error: (12/22/2013 10:53:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000070a
Fault offset: 0x000000000005cf99
Faulting process id: 0x950
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (12/22/2013 10:42:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: mshtml.dll, version: 11.0.9600.16476, time stamp: 0x52948abb
Exception code: 0xc00000fd
Fault offset: 0x00000000000828d9
Faulting process id: 0x1954
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (12/22/2013 09:37:11 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (12/22/2013 06:47:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x71c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (12/21/2013 00:02:51 AM) (Source: Application Hang) (User: )
Description: The program iSafe.exe version 3.6.24.5531 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1138
Start Time: 01cefe11c374c3d8
Termination Time: 23
Application Path: C:\Program Files (x86)\iSafe\iSafe.exe
Report Id: 6f8536eb-6a05-11e3-aeb8-406186cbf8a7
Error: (12/20/2013 11:43:23 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (12/20/2013 11:43:23 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (12/20/2013 11:43:23 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (12/20/2013 11:39:46 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

System errors:
=============
Error: (12/23/2013 10:47:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (12/23/2013 10:47:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:46:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:46:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:46:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:45:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:45:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:44:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:44:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (12/23/2013 10:43:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}{C96887DA-A652-4426-905E-4A37546F847C}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (01/16/2012 07:21:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 188 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 12279.12 MB
Available physical RAM: 10163.59 MB
Total Pagefile: 24558.23 MB
Available Pagefile: 22194.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1397.16 GB) (Free:763.48 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: ACC8B171)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

IMPORTANT! Restart computer.

Re-run FRST "Scan" one more time and post fresh log.

 

[Roger8118]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2013
Ran by Phantom at 2013-12-23 23:40:58 Run:1
Running from C:\Users\Phantom\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll ATTENTION! ====> ZeroAccess?
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {2ed51819-0496-11e0-acec-406186cbf8a7} - E:\LaunchU3.exe -a
MountPoints2: {b93aba28-3b24-11e2-90c3-406186cbf8a7} - E:\autorunner.exe "John Deere New Products 2012.exe"
MountPoints2: {e4f56448-7f53-11e1-84ab-406186cbf8a7} - E:\MotoCastSetup.exe -a
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={6CAF0C1E-DE19-11E2-9493-406186CBF8A7}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/resul...AtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/...1-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q...-9493-406186CBF8A7}&crg=3.5000006.10042&st=23
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM-x32 - No Name - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
S4 Ntfddmkm; No ImagePath
C:\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll
C:\Users\Phantom\AppData\Local\Temp\skikyej
C:\ProgramData\uninstaller.exe
Task: {B251AEB9-C56C-4328-98B3-786B57310F4A} - System32\Tasks\DigitalSite => C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ed51819-0496-11e0-acec-406186cbf8a7} => Key deleted successfully.
HKCR\CLSID\{2ed51819-0496-11e0-acec-406186cbf8a7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b93aba28-3b24-11e2-90c3-406186cbf8a7} => Key deleted successfully.
HKCR\CLSID\{b93aba28-3b24-11e2-90c3-406186cbf8a7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f56448-7f53-11e1-84ab-406186cbf8a7} => Key deleted successfully.
HKCR\CLSID\{e4f56448-7f53-11e1-84ab-406186cbf8a7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
Winsock: Catalog entry 000000000009 => Deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0 => Key deleted successfully.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
Ntfddmkm => Service deleted successfully.
"C:\Users\Phantom\AppData\Local\Temp\skikyej\sjupnhd\wow.dll" => File/Directory not found.
C:\Users\Phantom\AppData\Local\Temp\skikyej => Moved successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B251AEB9-C56C-4328-98B3-786B57310F4A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B251AEB9-C56C-4328-98B3-786B57310F4A} => Key deleted successfully.
C:\Windows\System32\Tasks\DigitalSite => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully.
==== End of Fixlog ====

 

[Roger8118]

First scan after restart froze so I scanned again.


can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
Ran by Phantom (administrator) on PHANTOM-PC on 23-12-2013 23:51:39
Running from C:\Users\Phantom\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-24] (Google Inc.)
HKCU\...\Policies\system: [NoSecCPL] 0
HKCU\...\Policies\system: [NoDispCPL] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispScrSavPage] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\system: [NoDevMgrPage] 0
HKCU\...\Policies\system: [NoConfigPage] 0
HKCU\...\Policies\system: [NoVirtMemPage] 0
HKCU\...\Policies\system: [NoFileSysPage] 0
HKCU\...\Policies\system: [NoNetSetup] 0
HKCU\...\Policies\system: [NoNetSetupIDPage] 0
HKCU\...\Policies\system: [NoNetSetupSecurityPage] 0
HKCU\...\Policies\system: [NoWorkgroupContents] 0
HKCU\...\Policies\system: [NoEntireNetwork] 0
HKCU\...\Policies\system: [NoFileSharingControl] 0
HKCU\...\Policies\Explorer: [NoThumbnailCache] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKCU\...\Policies\Explorer: [RestrictRun] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12D03BCF7226CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {01025D1C-BB03-4369-8344-732CD0DCCCF0} http://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.159.193.40 24.205.224.36
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-11-21] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-05-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-14] ()
S3 cpuz134; \??\C:\Users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
U0 helpsvc;
U0 ImapiService;
U0 Irmon;
U0 Messenger;
U0 srservice;
U0 UPS;
U0 WinDHCPsvc;
U0 WZCSVC;
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-23 23:45 - 2013-12-23 23:51 - 00011874 _____ C:\Users\Phantom\Desktop\FRST.txt
2013-12-23 23:38 - 2013-12-23 23:38 - 00000355 _____ C:\Users\Phantom\Desktop\Computer - Shortcut.lnk
2013-12-23 22:48 - 2013-12-23 22:49 - 00025852 _____ C:\Users\Phantom\Downloads\Addition.txt
2013-12-23 22:47 - 2013-12-23 22:49 - 00041988 _____ C:\Users\Phantom\Downloads\FRST.txt
2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Desktop\FRST64.exe
2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
2013-12-23 22:02 - 2013-12-23 22:03 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
2013-12-22 13:23 - 2013-12-22 18:34 - 00004840 _____ C:\Windows\PFRO.log
2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 16:46 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
2013-12-21 14:25 - 2013-12-23 23:43 - 00001344 _____ C:\Windows\setupact.log
2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
2013-12-20 22:40 - 2013-12-23 22:43 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
2013-12-20 22:40 - 2013-12-22 21:37 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
2013-12-20 22:40 - 2013-12-20 22:45 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
2013-12-20 22:38 - 2013-12-23 22:43 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-20 22:38 - 2013-12-21 16:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
2013-12-20 15:41 - 2013-12-21 00:18 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
2013-12-20 15:37 - 2013-12-20 21:05 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-20 15:36 - 2013-12-21 00:17 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-20 15:34 - 2013-12-21 00:17 - 00000000 ____D C:\ProgramData\MFAData
2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
2013-12-20 14:35 - 2013-12-20 14:39 - 00000162 _____ C:\Windows\Reimage.ini
2013-12-20 14:11 - 2013-12-20 14:12 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-19 22:14 - 2013-12-19 23:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
2013-12-19 15:46 - 2013-12-22 17:58 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
2013-12-16 03:04 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-16 03:04 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-16 03:04 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-16 03:04 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-16 03:03 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-16 03:03 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-16 03:03 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-16 03:03 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-16 03:03 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-16 03:03 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-16 03:03 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-16 03:03 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-16 03:03 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-16 03:03 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-16 03:03 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-16 03:03 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-16 03:03 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-16 03:03 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-16 03:03 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-16 03:03 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-16 03:03 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-16 03:03 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-16 03:03 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-16 03:03 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-16 03:03 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-16 03:03 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-16 03:03 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-16 03:03 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-16 03:03 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-16 03:03 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-16 03:03 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-16 03:03 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-16 03:03 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-16 03:03 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-16 03:03 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
2013-12-15 23:17 - 2013-11-29 10:58 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-15 23:17 - 2013-11-29 10:58 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-15 23:16 - 2013-10-30 11:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-15 23:16 - 2013-10-30 11:02 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-15 23:16 - 2013-10-30 11:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-15 23:04 - 2013-11-14 05:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-15 23:04 - 2013-11-14 05:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-15 22:05 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-15 22:05 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-15 22:04 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-15 22:04 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-15 22:04 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-15 22:04 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-15 22:04 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-15 22:04 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-15 22:04 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-15 22:04 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-15 22:04 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-15 22:03 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-15 22:03 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-15 22:03 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-15 22:03 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-15 22:03 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-15 22:03 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-15 22:03 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-15 22:03 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
==================== One Month Modified Files and Folders =======
2013-12-23 23:52 - 2013-12-23 23:45 - 00011874 _____ C:\Users\Phantom\Desktop\FRST.txt
2013-12-23 23:52 - 2012-04-01 19:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 23:49 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 23:49 - 2009-07-13 22:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 23:48 - 2010-11-24 17:59 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 23:43 - 2013-12-21 14:25 - 00001344 _____ C:\Windows\setupact.log
2013-12-23 23:43 - 2010-11-24 17:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 23:43 - 2010-10-29 11:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-23 23:43 - 2010-10-29 11:04 - 01138751 _____ C:\Windows\WindowsUpdate.log
2013-12-23 23:43 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 23:40 - 2013-11-14 18:40 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-12-23 23:38 - 2013-12-23 23:38 - 00000355 _____ C:\Users\Phantom\Desktop\Computer - Shortcut.lnk
2013-12-23 23:05 - 2010-11-22 17:05 - 00000000 ____D C:\Users\Phantom\Documents\Roger
2013-12-23 22:49 - 2013-12-23 22:48 - 00025852 _____ C:\Users\Phantom\Downloads\Addition.txt
2013-12-23 22:49 - 2013-12-23 22:47 - 00041988 _____ C:\Users\Phantom\Downloads\FRST.txt
2013-12-23 22:47 - 2013-12-23 22:47 - 01928604 _____ (Farbar) C:\Users\Phantom\Desktop\FRST64.exe
2013-12-23 22:47 - 2013-12-23 22:47 - 00000000 ____D C:\FRST
2013-12-23 22:43 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Mobogenie
2013-12-23 22:43 - 2013-12-20 22:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-23 22:41 - 2011-01-25 14:05 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-23 22:03 - 2013-12-23 22:02 - 00688992 ____R (Swearware) C:\Users\Phantom\Downloads\dds (1).scr
2013-12-23 13:06 - 2010-11-23 02:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\Adobe
2013-12-22 22:52 - 2010-12-03 21:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\Deployment
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Spider Solitaire - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Mahjong Titans - Shortcut.lnk
2013-12-22 21:57 - 2013-12-22 21:57 - 00000136 _____ C:\Users\Phantom\Desktop\Hearts - Shortcut.lnk
2013-12-22 21:37 - 2013-12-20 22:40 - 00000621 _____ C:\Users\Phantom\daemonprocess.txt
2013-12-22 18:35 - 2009-07-13 23:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-22 18:34 - 2013-12-22 13:23 - 00004840 _____ C:\Windows\PFRO.log
2013-12-22 18:28 - 2013-11-14 18:40 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\DigitalSite
2013-12-22 17:58 - 2013-12-19 15:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Ahkomua
2013-12-22 13:40 - 2013-11-14 19:40 - 00000101 _____ C:\Users\Phantom\AppData\Roaming\WB.CFG
2013-12-21 16:46 - 2013-12-21 16:46 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 16:46 - 2013-12-21 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 16:39 - 2013-12-20 22:38 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\iSafe
2013-12-21 16:34 - 2013-10-29 00:03 - 00000000 ____D C:\Windows\Minidump
2013-12-21 15:28 - 2013-12-21 15:28 - 00289136 _____ C:\Windows\Minidump\122113_fadb02dc-6fdf-4509-9d91-c86612b0f5fb.dmp
2013-12-21 15:27 - 2013-12-21 15:27 - 493108175 _____ C:\Windows\MEMORY.DMP
2013-12-21 14:25 - 2013-12-21 14:25 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 00:18 - 2013-12-20 15:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\AVG2014
2013-12-21 00:18 - 2012-02-21 18:37 - 00000000 ____D C:\Users\UpdatusUser.Phantom-PC
2013-12-21 00:17 - 2013-12-20 15:36 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-21 00:17 - 2013-12-20 15:34 - 00000000 ____D C:\ProgramData\MFAData
2013-12-21 00:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-20 23:47 - 2009-07-13 22:45 - 00015360 _____ C:\Windows\system32\umstartup.etl
2013-12-20 22:45 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\cache
2013-12-20 22:41 - 2013-12-20 22:41 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\eCyber
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\Documents\Mobogenie
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\AppData\Local\genienext
2013-12-20 22:40 - 2013-12-20 22:40 - 00000000 ____D C:\Users\Phantom\.android
2013-12-20 22:40 - 2010-11-20 21:52 - 00000000 ____D C:\Users\Phantom
2013-12-20 22:39 - 2013-12-20 22:39 - 00000000 ____D C:\Windows\system32\log
2013-12-20 21:54 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-20 21:05 - 2013-12-20 15:37 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-20 20:29 - 2013-12-20 20:29 - 00002194 _____ C:\Users\Phantom\Documents\cc_20131220_202909.reg
2013-12-20 20:26 - 2010-11-21 01:55 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-20 15:45 - 2013-11-01 12:24 - 00000000 ____D C:\Users\Phantom\AppData\Local\FzgyPack
2013-12-20 15:43 - 2013-03-25 11:36 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\Bitcoin
2013-12-20 15:40 - 2013-12-20 15:40 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Users\Phantom\AppData\Roaming\TuneUp Software
2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Users\Phantom\AppData\Local\MFAData
2013-12-20 14:39 - 2013-12-20 14:35 - 00000162 _____ C:\Windows\Reimage.ini
2013-12-20 14:38 - 2013-12-20 14:38 - 00000000 ____D C:\ProgramData\CDB
2013-12-20 14:12 - 2013-12-20 14:11 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool32.exe
2013-12-20 03:01 - 2013-12-20 03:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-19 23:51 - 2013-12-19 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-19 23:36 - 2013-12-19 22:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-19 22:21 - 2010-11-24 17:59 - 00000000 ____D C:\Users\Phantom\AppData\Local\Google
2013-12-19 22:21 - 2010-11-24 17:58 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-19 22:08 - 2009-07-13 23:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 21:51 - 2013-12-19 21:51 - 00004500 _____ C:\Users\Phantom\Documents\cc_20131219_215129.reg
2013-12-19 20:19 - 2013-12-19 20:19 - 00860176 _____ (Microsoft Corporation) C:\Users\Phantom\Downloads\mssstool64.exe
2013-12-19 00:55 - 2010-11-25 21:06 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-16 13:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 03:24 - 2012-04-01 19:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-16 03:24 - 2012-04-01 19:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-16 03:24 - 2011-05-17 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-16 03:23 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 03:23 - 2009-07-13 22:45 - 05295112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 03:04 - 2010-11-21 01:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-16 03:02 - 2013-08-15 01:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 03:01 - 2010-11-21 16:51 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 23:17 - 2013-12-15 23:17 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-15 23:17 - 2013-12-15 23:17 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA Corporation
2013-12-15 23:17 - 2013-11-14 19:22 - 00000000 ____D C:\Users\Phantom\AppData\Local\NVIDIA
2013-12-15 23:17 - 2010-10-29 11:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-15 23:17 - 2010-10-29 11:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-05 01:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-29 19:43 - 2010-11-24 17:59 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-29 19:43 - 2010-11-24 17:59 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-29 10:58 - 2013-12-15 23:17 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-29 10:58 - 2013-12-15 23:17 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-26 14:51 - 2013-11-26 14:51 - 00008162 _____ C:\Users\Phantom\Documents\cc_20131126_145109.reg
2013-11-26 05:54 - 2013-12-16 03:03 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 04:19 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 04:18 - 2013-12-16 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 04:11 - 2013-12-16 03:03 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 03:48 - 2013-12-16 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 03:46 - 2013-12-16 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 03:41 - 2013-12-16 03:03 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 03:29 - 2013-12-16 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 03:27 - 2013-12-16 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 03:23 - 2013-12-16 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 03:21 - 2013-12-16 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 03:18 - 2013-12-16 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 03:18 - 2013-12-16 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 03:16 - 2013-12-16 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 02:57 - 2013-12-16 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 02:38 - 2013-12-16 03:03 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 02:38 - 2013-12-16 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 02:35 - 2013-12-16 03:03 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 02:32 - 2013-12-16 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 02:28 - 2013-12-16 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 02:16 - 2013-12-16 03:03 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 02:02 - 2013-12-16 03:03 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 01:48 - 2013-12-16 03:03 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 01:32 - 2013-12-16 03:03 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 01:26 - 2013-12-16 03:03 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 01:07 - 2013-12-16 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 00:40 - 2013-12-16 03:03 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 00:34 - 2013-12-16 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 00:34 - 2013-12-16 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 00:33 - 2013-12-16 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 00:27 - 2013-12-16 03:03 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 12:26 - 2013-12-15 22:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 11:47 - 2013-12-15 22:04 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
Files to move or delete:
====================
C:\Users\Phantom\Photoshop_13_LS16.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-21 20:19
==================== End Of Log ============================

 

[Broni]

Very good.

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[Roger8118]

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Phantom [Admin rights]
Mode : Remove -- Date : 12/24/2013 15:57:47
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] DigitalSite.job : C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31500341AS ATA Device +++++
--- User ---
[MBR] dc909e69c21fd7e3c315285a0539872f
[BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_12242013_155747.txt >>
RKreport[0]_S_12242013_155356.txt

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Phantom [Admin rights]
Mode : Scan -- Date : 12/24/2013 15:53:56
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] DigitalSite.job : C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31500341AS ATA Device +++++
--- User ---
[MBR] dc909e69c21fd7e3c315285a0539872f
[BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_12242013_155356.txt >>

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Phantom [Admin rights]
Mode : Remove -- Date : 12/24/2013 15:57:47
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] DigitalSite.job : C:\Users\Phantom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31500341AS ATA Device +++++
--- User ---
[MBR] dc909e69c21fd7e3c315285a0539872f
[BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_12242013_155747.txt >>
RKreport[0]_S_12242013_155356.txt

There is also a RK_Quarantine file.
I will now do restore point and MalwareBytes AntiRootKit and post that.

 

[Roger8118]

File exceeds 50,000 chr broken apart part 1

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.074000 GHz
Memory total: 12875587584, free: 5441961984
Downloaded database version: v2013.12.25.02
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
12/25/2013 00:37:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\user32.dll
\Windows\System32\sechost.dll
\Windows\System32\shell32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\shlwapi.dll
\Windows\System32\wininet.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\difxapi.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ad91790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-5\
Lower Device Object: 0xfffffa800ab6b060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ad91790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ad912c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ad91790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ab5e580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800ab6b060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [Forged file]
Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak
Infected: C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [Unknown.Rootkit.Driver]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ACC8B171
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 2930065408
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1500301910016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-2930257168-2930277168)...
Done!
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F8F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz13D5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz142D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz14E8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz150C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC82.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACC3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACED.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD31.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD71.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADC4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADEF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE88.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE8D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAEA5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF0E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF11.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF2C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF52.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB001.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB033.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB0C8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB119.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB176.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6608.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6635.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6671.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz66B4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6738.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz677D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz67AF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6837.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6843.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6848.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6852.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz685E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6864.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6892.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz68CD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6945.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6961.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A22.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A44.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A52.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A5A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A6E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A9B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6AD7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B0A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B75.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B76.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BA6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BAE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BC4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C06.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C8E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CA9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7C6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD802.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD81.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD818.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD831.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD832.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD84F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD860.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8B9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD907.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD98D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9C6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9E4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA09.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA1B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA91.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB0A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB2D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB69.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB76.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A13.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A46.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A64.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A68.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AB8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AD8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B80.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B94.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C16.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C8E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3CC9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D1A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D61.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DA9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DDB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E29.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E3D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E5E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E6D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E88.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3EBC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3ECA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F5E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8472.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz84A6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8508.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8513.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8526.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8528.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz853C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz854F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8570.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz858C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85B9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85E9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz861.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8649.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz866.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8669.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8670.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz86D3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz875C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87C9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87CD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8840.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88B9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88D6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8906.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz890C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz896E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8979.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz897F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz899C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89A2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89D4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A05.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1574.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A68.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F24.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz240E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A0C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F6B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3486.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FE6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46FF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C0C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B05.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61C1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65F4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7412.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz77C3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8470.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A1F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC211.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC271.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC272.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2AE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC300.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC351.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3CD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3E2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3EE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC40E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC435.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC436.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC458.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC4CA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC51B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC52C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC53D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC559.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC55A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC60F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC651.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC658.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC65A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6C8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6D8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB16.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB73.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB81.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBBC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBCD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBD0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEC1A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECA7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECBA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECC1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED01.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED4D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED87.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED8C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE07.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE0E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE10.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE54.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE9A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEEC0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEED7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF14.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF37.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF64.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF83.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF8C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEFD7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF008.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF013.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz51F6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5253.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5268.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz528C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz532.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5338.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5376.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53B7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53D3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53F2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5418.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5499.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz549A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54A9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54AA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz550B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz551.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55B5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2439.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2457.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24D8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2518.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz257A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz258C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25A6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25AB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz262E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2680.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz26BF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2715.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27F0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27FD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz280C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2863.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2864.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz289F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28BD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28FF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz293E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2950.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz296E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2971.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29E0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29F2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz97F1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9801.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz984B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9870.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98D7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98E4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98F0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9907.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9917.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9934.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9980.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99F4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9AF0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B1A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B25.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B2B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B36.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B3F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B6A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BA8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BC8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BCA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BEB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C57.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C58.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CA2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CD6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7441.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7490.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74D1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7501.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7524.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz754A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz759F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75B3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75F8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7657.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7674.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7694.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz775D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7771.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz777F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7797.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2FF7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3020.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30CC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30D9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3111.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz311B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3137.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz317A.tmp --> [Trojan.Agent.EDZR]

 

[Roger8118]

System part 2

Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB80.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB809.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB817.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB87B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8CD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8FF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB957.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB97A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9A6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9C4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA02.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA03.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA44.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA58.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA66.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAB3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBACB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAFB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB06.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB31.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB42.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBBDE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC18.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCC3C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCB8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCBA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCDC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCE9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD5F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD60.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD7E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDB5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDE7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE08.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE31.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE35.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE55.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF04.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF17.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF19.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF3C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF76.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF84.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFA2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFD3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFFD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD023.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD03D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD0B2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD119.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD12E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD140.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD152.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD1C5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD203.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD21B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5BC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5DC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF628.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF658.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF673.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6F2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF73F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF764.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF768.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7A3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7AB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7C5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7E0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7F6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF810.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF84F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF887.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8B0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8C2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF903.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF92D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF949.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF9C9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFA52.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFACE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4719.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4724.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4749.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4754.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4758.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4774.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4788.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47A6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47CB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz491.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz492A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4977.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49AC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49D0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A5B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A6C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A7A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4AB3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4ADB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B3C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B55.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B99.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BE9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C22.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C33.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CA2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CF3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D1C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D57.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D7B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D94.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D96.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D98.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E5D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E62.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E81.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5EE3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F57.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F6B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F74.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F82.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F87.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F98.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5FE5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6088.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz60B9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6118.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6169.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61AE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA28.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA280.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2B0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2E2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3FA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA402.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA41B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA45F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA485.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA496.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA4B3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA505.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA523.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA524.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA58D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5B2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5E9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5FB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA61A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA622.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA626.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA631.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6B4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6F7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA758.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA81C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA870.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE17E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE185.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE197.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1E2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE22B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE254.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE260.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE267.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE279.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE2E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE304.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE35D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3D6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE444.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE452.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE492.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4AC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4D9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE501.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE52B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE544.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE561.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE573.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE578.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5E4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5EB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5FD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A94.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B0E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B11.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B1A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B51.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B53.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B6D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C08.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C2B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C3D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C7F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CB1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CCF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CF9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CFF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1D72.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DA5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E07.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E30.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E32.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F0A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F22.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9018.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz904A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz905B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9068.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz907A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90A5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz910C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9157.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9193.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz91B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9204.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9240.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9249.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9254.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92DE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92EB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92FC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9300.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz939B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93A2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BC6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C0D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C66.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C8E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CCE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CFD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D3D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D52.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D7D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D94.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D9D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E16.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E90.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7EAF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7F21.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FDD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FFF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80A2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80EB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80F4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8125.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8153.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81A3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81E3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81FA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8203.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz827C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8291.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz82F6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz83.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8334.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8377.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8463.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D08.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D1C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D52.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D9B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6DC7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EAA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EB8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EF2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6F3D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FCB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FDB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7024.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz702C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz703A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz707B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz70F4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz712A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7139.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz713D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz715E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71EF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71F1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz721D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7317.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz731B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7338.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz734D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz73A3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC34.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC4F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBCE1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD53.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD75.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD9E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE0C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE1B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE58.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE69.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEAA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBECD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEDB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF41.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF48.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF7C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF88.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF90.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF91.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBFA8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC064.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC08D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC09A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0A7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0B5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0E3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0F4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC12.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC138.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC19.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1A9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1DB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C21.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4CF9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D38.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D49.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D90.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4DDD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E12.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E36.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4EE2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F19.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F2F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F31.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F9C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FA2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5014.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5034.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5043.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz504F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5054.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5062.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5064.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5077.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz508.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz513.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz514F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5173.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FEB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4036.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz408C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz40E5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz412F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4170.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4191.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41D7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41FF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz421F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4251.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz429F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42A3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42B8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42DE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42FE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4322.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4330.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4365.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz443C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4451.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448B.tmp --> [Trojan.Agent.EDZR]

 

[Roger8118]

System part 4

Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz450.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4502.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz453.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4556.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz455A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz45E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4605.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz463D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4675.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46A4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46C6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D56.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E39.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E90.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9F75.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FA0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FAB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FB5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA00E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA01D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA02E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA030.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA080.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0BD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0CD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA108.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA14C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1C0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1CB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD27D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2AA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2B6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2CB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD35B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD370.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD39C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3B2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3CC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3DA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3E9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD419.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD453.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD479.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD494.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4A1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD527.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD54F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD570.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5A3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5B5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD62B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD65.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD691.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD698.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6B3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6F3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD710.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD72C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD731.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD779.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE659.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6AA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6B0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6C6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6EC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6FE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE765.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE776.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE77A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE85B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE89B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8C7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8F8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE912.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE996.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9A1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9C9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9DE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA4A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA53.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA61.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAAE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAEE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAF1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A30.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A94.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2AF6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B06.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B82.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2BAA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C66.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C72.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C73.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CA5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CBA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CC1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D14.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D23.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D65.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DA6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DB5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DD7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E36.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E4E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E56.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E68.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E81.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EA6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EFA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F5C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz354F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3551.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz355D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3566.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3571.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3577.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3591.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35AD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35E0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35FE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3611.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3662.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3672.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz36D2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz370A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3721.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz373E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz37A1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3809.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3828.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3863.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38D3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38FB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3975.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39CC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39D7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A40.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AAF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ACF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AD6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ADD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8B39.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BB2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BE4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BF2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C33.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C3F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8CA6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D10.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D2D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D7F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DAB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DE3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DEE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DF4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E02.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E08.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E59.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E85.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E8A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E96.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F25.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F35.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F3C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F43.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF046.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF080.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF09.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF0FD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF146.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF176.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1FD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF202.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF265.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF276.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF27C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2B4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2CF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2D9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF336.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF33D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF36B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF37E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3BA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3F9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF401.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF44D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF46A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF478.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF47E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4BC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4D6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB23.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB56.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB58.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBA5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBF9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBFA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC0C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC21.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC2C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC46.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC5C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC67.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCB5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCED.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD57.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD79.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDEA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFE4E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFEC8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF44.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF56.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF58.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF6B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC716.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC776.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC7C6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC843.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC854.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC857.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC874.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8CA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8DA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC93F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC981.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9A2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9B3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9BB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9CF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9DF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCABE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB1F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB2E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB5B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB87.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBCC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBB1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC2C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC40.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC78.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC87.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC98.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC9D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCC4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCD6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD1F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD41.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD6D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE03.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE0D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE9E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDF70.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFCF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFEC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE01C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE026.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE083.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0C5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0DE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE103.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93E5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz979.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D4D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA24E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA877.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB197.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5EE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC31.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1F4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC705.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBF7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD24D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7B1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBA6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE648.tmp --> [Trojan.Agent.EDZR]

 

[Roger8118]

System Part 5

Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB0D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF022.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF573.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB11.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55F4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz565C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56A8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56BF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56E8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56F2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz571.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57AE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57CC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz582C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5839.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5878.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz587E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz58F1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5924.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5930.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5951.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A06.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A0C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A3B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A4C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A6E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5AE2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61EF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61F5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz625D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62B8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62C8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62D2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6336.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6349.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63D1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63DC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63E8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63ED.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63FE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6467.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64EE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz651A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz654.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz659D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65CF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F74.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F77.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F80.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FA8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FD3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2072.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2094.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2095.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2104.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2117.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2145.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz214F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz220B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz226D.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2279.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2370.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2388.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz238A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23DA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23E6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23ED.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93FA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz947E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9491.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94B1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94BE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94D0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz950B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9581.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz95AD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz963.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz966.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz967A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96BF.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96CA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9742.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9744.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9766.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9772.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA87C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA881.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA887.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8C5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8DB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8FC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA957.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA95E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA97B.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA989.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA999.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA9F3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA27.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA42.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA4F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA71.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA9C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAA8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAB6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAFB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB3A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB8C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzABBE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz15B7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1622.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1637.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1639.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz163E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1698.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16B4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16BB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16E9.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1792.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17C5.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17D7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1819.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz184A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1883.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1899.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz191C.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz194E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1979.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1992.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19DA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19EB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1C1.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1E7.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB22A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB265.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB266.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2DE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2F3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2FB.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB365.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB374.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB377.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A8.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB458.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB474.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB499.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB501.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB504.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB52E.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB53F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB560.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5BD.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E2.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7819.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7868.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7897.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz78E6.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7907.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz791F.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7937.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7957.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7999.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz79B0.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A25.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A29.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A2A.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A3.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A49.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AAE.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AC.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7ACA.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7B29.tmp --> [Trojan.Agent.EDZR]
Infected: C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB4.tmp --> [Trojan.Agent.EDZR]
Infected: C:\$Recycle.Bin\S-1-5-18\$400216564d6d26e9ca6e3085e6c4f832 --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.074000 GHz
Memory total: 12875587584, free: 11218141184
=======================================

 

[Roger8118]

Mbar log Part 1 exceeds 50,000 chr also.

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2013.12.25.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Phantom :: PHANTOM-PC [administrator]
12/25/2013 12:37:27 AM
mbar-log-2013-12-25 (00-37-27).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 311563
Time elapsed: 1 hour(s), 22 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\$Recycle.Bin\S-1-5-18\$400216564d6d26e9ca6e3085e6c4f832 (Trojan.Siredef.C) -> Delete on reboot.
Files Detected: 1333
C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F8F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz13D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz142D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz14E8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz150C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC82.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACC3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzACF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD2F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAD71.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADEF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzADF1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE88.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAE8D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAEA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF11.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAF52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB001.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB033.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB0C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB119.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB16C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB176.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6608.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6635.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6671.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz66B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz671F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6738.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz677D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz67AF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6837.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6843.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6848.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6852.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz685E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6864.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6892.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz68CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6945.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6961.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A22.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A44.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A5A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A6E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6A9B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6AD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B0A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B75.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6B76.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BAE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6BC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6C8E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CA9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD802.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD818.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD831.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD832.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD84F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD860.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD8EF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD907.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD98D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD9E4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA09.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDA91.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB0A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB2D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB69.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDB76.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A13.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A46.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A64.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3A68.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3AD8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B80.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3B94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C16.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C8E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3CC9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3D61.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DA9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3DDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E29.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E2D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E6D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3E88.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3EBC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3ECA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3F5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8472.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz84A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8508.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8513.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8526.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8528.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz853C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz854F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8570.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz858C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz85E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz861.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8649.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz866.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8669.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8670.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz86D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz875C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz87CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8840.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz88D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8906.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz890C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz896E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8979.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz897F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz899C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz89D4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A05.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1574.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A68.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F24.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz240E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F6B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3486.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FE6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B05.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61C1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7412.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz77C3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8470.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A1F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC211.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC271.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC272.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2AE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC2C0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC300.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC351.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC3EE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC40E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC435.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC436.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC458.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC4CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC51B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC52C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC53D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC559.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC55A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC60F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC651.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC658.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC65A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC6D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB16.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB73.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBBC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBCD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEBD0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEC1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECA7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECBA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzECC1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED01.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED4D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzED8C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE07.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE10.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE2F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE54.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEE9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEEC0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEED7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF14.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF37.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF64.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF83.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEF8C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEFD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF008.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF013.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz519F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz51F6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5253.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5268.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz528C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz532.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5338.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5376.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53B7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz53F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5418.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5499.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz549A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54A9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54AA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz54CE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz550B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz551.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2439.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2457.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz24FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2518.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz257A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz258C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz25AB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz262E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2680.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz26BF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2715.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27F0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz27FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz280C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz284F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2863.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2864.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz289F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz28FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz293E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2950.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz296E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2971.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz29F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz97F1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9801.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz984B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9870.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98E4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz98F0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9907.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9917.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9934.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9980.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz99F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9AF0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B25.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B2B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B36.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B3F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B6A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9B7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BCA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9BEB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9CD6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7441.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7490.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74A9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz74D1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7501.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7524.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz754A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz759F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz75F8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7657.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7674.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7694.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz775D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7771.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz777F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7797.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2FF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3020.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz30E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz310F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3111.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz311B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3137.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz317A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3198.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz31BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz320C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz321B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz324D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz32E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz332B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.

 

[Roger8118]

Mbar log Part 2 exceeds 50,000 chr also.

C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3351.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz33B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz33C2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz340D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz346D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB64D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB665.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB667.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB6A0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB6BC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB6CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB752.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB754.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB769.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB7CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB7CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB7DD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB80.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB809.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB817.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB87B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB8FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB957.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB97A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB9C4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA02.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA03.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA44.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBA66.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAB3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBACB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBAFB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBB42.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBBDE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC18.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCC3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCBA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCDC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCCE9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD5F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD60.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCD7E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCDE7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE35.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCE55.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF04.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF17.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF19.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF76.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCF84.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFD3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCFFD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD023.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD03D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD0B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD119.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD12E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD140.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD152.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD1C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD203.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD21B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5BC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF5DC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF628.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF658.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF673.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF6F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF73F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF764.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF768.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7AB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF7F6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF810.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF84F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF887.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF8C2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF903.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF92D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF949.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF9C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFA52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFACE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4719.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4724.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4749.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4754.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4758.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4774.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4788.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47A6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz47CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48A7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz48E3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz491.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz492A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4977.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz49D0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A5B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A6C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4A7A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4AB3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4ADB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B55.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B8F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4B99.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BCE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BE9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4BEF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5B0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C22.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5C33.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5CF3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D1C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D7B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D96.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5D98.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E5D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E62.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5E81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5EE3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F6B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F74.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F82.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5F98.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5FE5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6088.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz60B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6118.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6169.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61AE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA28.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA280.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA3FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA402.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA41B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA45F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA485.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA496.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA4B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA505.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA523.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA524.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA58D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA5FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA61A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA622.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA626.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA631.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA6F7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA758.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA81C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA870.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE17E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE185.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE197.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE1E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE22B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE254.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE260.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE267.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE279.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE2E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE304.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE35D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE3F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE444.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE452.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE492.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE4D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE501.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE52B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE544.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE561.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE573.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE578.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5E4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE5FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1A94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1AAF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B0E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B11.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B1A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B51.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B53.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1B6D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C2B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1C7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CB1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CCF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CF9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1CFF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1D72.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1DF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E07.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E30.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E32.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F0A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F22.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9018.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz904A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz905B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9068.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz907A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90A5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz90F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz910C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9157.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9193.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz91B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9204.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9240.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9249.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9254.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz925F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz92FC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9300.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz938B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz939B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BC6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C66.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7C8E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CCE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7CFD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D7D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7D9D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E16.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7E90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7EAF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7F21.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FDD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7FFF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz800D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80C7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz80F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8125.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8153.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81E3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz81FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8203.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz827C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8291.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz82F6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz83.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8334.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8377.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8463.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6CE9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D1C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D52.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6D9B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6DC7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EAA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EB8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6EF2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6F3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FCB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6FDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7024.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz702C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz703A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz707B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz70F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz712A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7139.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz713D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz715E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz716F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71EF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz71F1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz721D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7317.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz731B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7338.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz734D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz73A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC34.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC4F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBCE1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD53.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD75.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBD9E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBE69.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEAA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBECD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBEDB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF41.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF48.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF7C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF88.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBF91.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBFA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC064.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC08D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC09A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0A7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0E3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC0F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC12.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC138.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC19.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1A9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1DB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C21.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4CF9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D38.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D49.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4D90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4DDD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E12.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4E36.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4EE2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F19.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F2F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4F9C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz500F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5014.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5034.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5043.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz504F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5054.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5062.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5064.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5077.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz508.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz513.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz514F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5173.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3FEB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4036.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz408C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz40E5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz412F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4170.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4191.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz41FF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz421F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4251.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz429F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42D4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz42FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4322.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4330.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4365.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz443C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4451.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz448C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz450.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4502.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz453.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4556.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz455A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz45E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4605.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz463D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz4675.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46A4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz46C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D5F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D9B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E39.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E5D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9E90.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9F75.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FA0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FAB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9FB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA00E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA01D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA02E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA030.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA080.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA0CD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA108.tmp (Trojan.Agent.EDZR) -> Delete on reboot.

 

[Roger8118]

Mbar log Part 3 exceeds 50,000 chr also.

C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA14C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1C0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA1CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD27D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2AA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2B6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD2CB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD35B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD370.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD39C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3B2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD3E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD419.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD453.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD479.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD494.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD4E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD527.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD54F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD570.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD5E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD62B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD65.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD691.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD698.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD6F3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD710.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD72C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD731.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD779.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE659.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6AA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6EC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE6FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE765.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE776.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE77A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE85B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE89B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8C7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE8F8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE912.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE996.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9B9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9C9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE9DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA4A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA53.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEA61.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAAE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAEE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEAF1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A30.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2A94.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2AF6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2B82.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2BAA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C66.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C72.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2C73.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CB9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CBA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2CC1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D14.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D23.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2D65.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2DD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E36.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E4E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E68.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2E81.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2EFA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2F5C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz354F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3551.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz355D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3566.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3571.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3577.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3591.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35AD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz35FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3611.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3662.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3672.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz36D2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz370A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3721.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz373E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz37A1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3809.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3828.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3863.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38D3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz38FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz3975.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39C7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz39D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8A40.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AAF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ACF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8AD6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8ADD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8B39.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BB2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BE4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8BF2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C33.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8C3F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8CA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D10.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D2D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D7F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DAB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DE3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DEE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8DF4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E02.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E08.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E59.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E85.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E8A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8E96.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F25.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F35.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F3C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F43.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz8F7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF046.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF080.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF09.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF0FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF146.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF176.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF1FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF202.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF265.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF276.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF27C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2CF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF2D9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF336.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF33D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF36B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF37E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3BA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF3F9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF401.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF44D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF46A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF478.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF47E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4BC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4D6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF4F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB23.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBA5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBF9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFBFA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC21.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC46.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC5C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFC67.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFCED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD57.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFD79.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDA2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFDEA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFE4E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFEC8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF44.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF56.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF58.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFF6B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFFCE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC716.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC776.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC7C6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC843.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC854.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC857.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC874.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC8DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC93F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC981.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9B3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9CF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC9DF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCABE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCAC6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB1F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB2E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB5B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB7C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCB87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBCC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBB1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC2C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC40.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC78.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC87.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC98.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDC9D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCC4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDCD6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD1F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD41.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD6D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDD8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE03.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDE9E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDEF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDF70.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFCF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDFEC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE01C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE026.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE083.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE0DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE103.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93E5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz979.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9D4D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA24E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA877.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAC2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB197.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5EE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzBC31.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC1F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzC705.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzCBF7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD24D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzD7B1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzDBA6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE11B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzE648.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzEB0D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF022.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzF573.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzFB11.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz55F4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz565C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56A8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56BF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56E8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz56F2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz571.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57AE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz57CC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz582C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5839.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5878.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz587E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz58F1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5924.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz592E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5930.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5951.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A06.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A0C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A3B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A4C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5A6E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz5AE2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61EF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz61F5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz620B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz625D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62B8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62C8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz62D2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6336.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6349.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63D1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63DC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63E8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63ED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz63FE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz643C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz6467.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64EE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz64F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz651A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz654.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz659D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz65CF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F74.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F77.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F80.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1F9A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1FD3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2072.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2094.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2095.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2104.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2117.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2145.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz214F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz21D8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz220B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz226D.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2279.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2370.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz2388.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz238A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23E6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz23ED.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz93FA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz947E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9491.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94B1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94BE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94D0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz94F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz950B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9581.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz95AD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz963.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz966.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz967A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96B5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96BF.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96CA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz96D5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9742.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9744.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9766.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz9772.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA87C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA881.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA887.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8DB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA8FC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA957.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA95E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA97B.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA989.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA999.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzA9F3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA27.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA42.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA4F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA71.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAA9C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAA8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAB6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAAFB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB3A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzAB8C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzABBE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz15B7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1622.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1637.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1639.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz163E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1698.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16B4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16BB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16E9.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz16FD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1792.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17C5.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz17D7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1819.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz184A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1883.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1899.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz191C.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz194E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1979.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz1992.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19DA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz19EB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1C1.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB1E7.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB22A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB265.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB266.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2DE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2F3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB2FB.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB365.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB374.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB377.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB3A8.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB458.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB474.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB499.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB501.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB504.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB52E.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB53F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB560.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5BD.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trzB5E2.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7819.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7868.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7897.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz78E6.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7907.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz791F.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7937.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7957.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7999.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz79B0.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A25.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A29.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A2A.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A3.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7A49.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AAE.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7AC.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7ACA.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7B29.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
C:\Users\Phantom\AppData\Roaming\Ahkomua\trz7BB4.tmp (Trojan.Agent.EDZR) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Roger8118]

ComboFix 13-12-24.02 - Phantom 12/25/2013 16:29:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9239 [GMT -6:00]
Running from: c:\users\Phantom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BT40UIEG\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\program files (x86)\AVG Antivirus 2011
c:\users\Phantom\AppData\Local\assembly\tmp
c:\users\Phantom\AppData\Roaming\Izqupu
c:\users\Phantom\AppData\Roaming\Izqupu\xaeza.vih
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\Direction\backward.gif
c:\windows\SysWow64\images\Direction\backward_disabled.gif
c:\windows\SysWow64\images\Direction\down.gif
c:\windows\SysWow64\images\Direction\end.gif
c:\windows\SysWow64\images\Direction\end_disabled.gif
c:\windows\SysWow64\images\Direction\fastbackward.gif
c:\windows\SysWow64\images\Direction\fastbackward_disabled.gif
c:\windows\SysWow64\images\Direction\fastforward.gif
c:\windows\SysWow64\images\Direction\fastforward_disabled.gif
c:\windows\SysWow64\images\Direction\forward.gif
c:\windows\SysWow64\images\Direction\forward_disabled.gif
c:\windows\SysWow64\images\Direction\goto.gif
c:\windows\SysWow64\images\Direction\goto_disabled.gif
c:\windows\SysWow64\images\Direction\start.gif
c:\windows\SysWow64\images\Direction\start_disabled.gif
c:\windows\SysWow64\images\Direction\up.gif
c:\windows\SysWow64\images\misc\bell.gif
c:\windows\SysWow64\images\toolbar\addallfield.gif
c:\windows\SysWow64\images\toolbar\addallfield_disabled.gif
c:\windows\SysWow64\images\toolbar\addallfield_over.gif
c:\windows\SysWow64\images\toolbar\addfield.gif
c:\windows\SysWow64\images\toolbar\addfield_disabled.gif
c:\windows\SysWow64\images\toolbar\addfield_over.gif
c:\windows\SysWow64\images\toolbar\bologo.gif
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\first.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\firstd.gif
c:\windows\SysWow64\images\toolbar\firstresults.gif
c:\windows\SysWow64\images\toolbar\firstresults_over.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\help.gif
c:\windows\SysWow64\images\toolbar\help_over.gif
c:\windows\SysWow64\images\toolbar\interact.gif
c:\windows\SysWow64\images\toolbar\interact_over.gif
c:\windows\SysWow64\images\toolbar\interactd.gif
c:\windows\SysWow64\images\toolbar\last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\lastd.gif
c:\windows\SysWow64\images\toolbar\lastresults.gif
c:\windows\SysWow64\images\toolbar\lastresults_over.gif
c:\windows\SysWow64\images\toolbar\left_button.gif
c:\windows\SysWow64\images\toolbar\mblackarrow.gif
c:\windows\SysWow64\images\toolbar\mdownarrow.gif
c:\windows\SysWow64\images\toolbar\mdownfield.gif
c:\windows\SysWow64\images\toolbar\mdownfield_over.gif
c:\windows\SysWow64\images\toolbar\middle_button.gif
c:\windows\SysWow64\images\toolbar\mlogo.gif
c:\windows\SysWow64\images\toolbar\mtitleimage.gif
c:\windows\SysWow64\images\toolbar\muparrow.gif
c:\windows\SysWow64\images\toolbar\mupfield.gif
c:\windows\SysWow64\images\toolbar\mupfield_over.gif
c:\windows\SysWow64\images\toolbar\next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\nextd.gif
c:\windows\SysWow64\images\toolbar\nextresults.gif
c:\windows\SysWow64\images\toolbar\nextresults_over.gif
c:\windows\SysWow64\images\toolbar\prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\prevd.gif
c:\windows\SysWow64\images\toolbar\prevresults.gif
c:\windows\SysWow64\images\toolbar\prevresults_over.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\removeallfield.gif
c:\windows\SysWow64\images\toolbar\removeallfield_disabled.gif
c:\windows\SysWow64\images\toolbar\removeallfield_over.gif
c:\windows\SysWow64\images\toolbar\removefield.gif
c:\windows\SysWow64\images\toolbar\removefield_disabled.gif
c:\windows\SysWow64\images\toolbar\removefield_over.gif
c:\windows\SysWow64\images\toolbar\right_button.gif
c:\windows\SysWow64\images\toolbar\search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\separator.gif
c:\windows\SysWow64\images\toolbar\tab_fill_sel.gif
c:\windows\SysWow64\images\toolbar\tab_fill_unsel.gif
c:\windows\SysWow64\images\toolbar\tab_left_sel.gif
c:\windows\SysWow64\images\toolbar\tab_left_unsel.gif
c:\windows\SysWow64\images\toolbar\tab_right_sel.gif
c:\windows\SysWow64\images\toolbar\tab_right_unsel.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\toolbar\view.gif
c:\windows\SysWow64\images\toolbar\view_over.gif
c:\windows\SysWow64\images\toolbar\viewpressed.gif
c:\windows\SysWow64\images\toolbar\wizard.gif
c:\windows\SysWow64\images\toolbar\wizard_over.gif
c:\windows\SysWow64\images\toolbar\wizardpressed.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\emptybox.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\magnify.gif
c:\windows\SysWow64\images\tree\mdownarrow.gif
c:\windows\SysWow64\images\tree\minubox.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\muparrow.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\resizebar.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WinDHCPsvc
.
.
((((((((((((((((((((((((( Files Created from 2013-11-25 to 2013-12-25 )))))))))))))))))))))))))))))))
.
.
2013-12-25 06:36 . 2013-12-25 06:36 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-24 21:52 . 2013-12-24 21:52 325120 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2013-12-24 21:51 . 2013-12-24 21:51 467456 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2013-12-24 21:50 . 2013-12-24 21:50 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys.bak
2013-12-24 21:49 . 2013-12-24 21:49 16960 ----a-w- c:\windows\system32\drivers\intelide.sys.bak
2013-12-24 21:48 . 2013-12-24 21:48 147456 ----a-w- c:\windows\system32\drivers\cdrom.sys.bak
2013-12-24 04:48 . 2013-12-24 04:48 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2013-12-24 04:47 . 2013-12-24 04:47 -------- d-----w- C:\FRST
2013-12-21 22:46 . 2013-12-21 22:46 -------- d-----w- c:\users\Phantom\AppData\Roaming\Malwarebytes
2013-12-21 22:46 . 2013-12-21 22:46 -------- d-----w- c:\programdata\Malwarebytes
2013-12-21 22:46 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-21 22:46 . 2013-12-21 22:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-21 04:41 . 2013-12-21 04:41 -------- d-----w- c:\users\Phantom\AppData\Roaming\eCyber
2013-12-21 04:40 . 2013-12-21 04:40 -------- d-----w- c:\users\Phantom\.android
2013-12-21 04:40 . 2013-12-21 04:45 -------- d-----w- c:\users\Phantom\AppData\Local\cache
2013-12-21 04:40 . 2013-12-21 04:40 -------- d-----w- c:\users\Phantom\AppData\Local\genienext
2013-12-21 04:40 . 2013-12-24 04:43 -------- d-----w- c:\users\Phantom\AppData\Local\Mobogenie
2013-12-21 04:39 . 2013-12-21 04:39 -------- d-----w- c:\windows\system32\log
2013-12-21 04:38 . 2013-12-21 22:39 -------- d-----w- c:\users\Phantom\AppData\Roaming\iSafe
2013-12-21 04:38 . 2013-12-24 04:43 -------- d-----w- c:\program files (x86)\Mobogenie
2013-12-20 21:41 . 2013-12-21 06:18 -------- d-----w- c:\users\Phantom\AppData\Roaming\AVG2014
2013-12-20 21:39 . 2013-12-20 21:39 -------- d-----w- c:\users\Phantom\AppData\Roaming\TuneUp Software
2013-12-20 21:37 . 2013-12-21 03:05 -------- d-----w- c:\programdata\AVG2014
2013-12-20 21:36 . 2013-12-21 06:17 -------- d-----w- c:\program files (x86)\AVG
2013-12-20 21:34 . 2013-12-20 21:34 -------- d--h--w- c:\programdata\Common Files
2013-12-20 21:34 . 2013-12-21 06:17 -------- d-----w- c:\programdata\MFAData
2013-12-20 21:34 . 2013-12-20 21:34 -------- d-----w- c:\users\Phantom\AppData\Local\MFAData
2013-12-20 20:38 . 2013-12-20 20:38 -------- d-----w- c:\programdata\CDB
2013-12-20 09:01 . 2013-12-20 09:01 -------- d-----w- c:\windows\Microsoft Antimalware
2013-12-20 05:51 . 2013-12-20 05:51 -------- d-----w- c:\program files\Microsoft Silverlight
2013-12-20 05:51 . 2013-12-20 05:51 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-12-20 04:14 . 2013-12-20 05:36 -------- d-----w- c:\programdata\AVAST Software
2013-12-19 21:46 . 2013-12-25 08:09 -------- d-----w- c:\users\Phantom\AppData\Roaming\Ahkomua
2013-12-16 09:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-16 09:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-16 09:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-16 09:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-16 05:17 . 2013-12-16 05:17 -------- d-----w- c:\users\Phantom\AppData\Local\NVIDIA Corporation
2013-12-16 05:17 . 2013-11-29 16:58 979744 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-16 05:17 . 2013-11-29 16:58 1096480 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-16 05:16 . 2013-10-30 17:03 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-16 05:16 . 2013-10-30 17:02 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-16 05:16 . 2013-10-30 17:02 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-16 05:09 . 2013-12-16 05:09 -------- d-----w- c:\users\Phantom\AppData\Roaming\HPAppData
2013-12-16 04:05 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-16 04:04 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-16 04:04 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-16 04:04 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-16 04:04 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-16 04:04 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-16 04:04 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-16 04:04 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-16 04:04 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-16 04:03 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-16 04:03 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-16 04:03 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-16 04:03 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-16 04:03 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 09:24 . 2012-04-02 01:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-16 09:24 . 2011-05-17 20:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-16 09:01 . 2010-11-21 22:51 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-16 07:54 . 2013-12-24 21:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74426DF0-FE37-4CDC-9167-AA8B4C3A9507}\mpengine.dll
2013-12-16 04:03 . 2011-04-13 03:20 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-16 04:02 . 2011-04-13 03:20 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-11-26 18:25 . 2010-11-21 22:51 267936 ------w-c:\windows\system32\MpSigStub.exe
2013-11-26 06:33 . 2013-12-16 09:03 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-16 04:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-14 23:03 . 2013-11-14 23:03 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-14 23:03 . 2013-11-14 23:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-14 23:03 . 2013-11-14 23:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-14 23:03 . 2013-11-14 23:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-14 23:03 . 2013-11-14 23:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-14 23:03 . 2013-11-14 23:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-14 23:03 . 2013-11-14 23:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-14 23:03 . 2013-11-14 23:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-14 23:03 . 2013-11-14 23:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-14 23:03 . 2013-11-14 23:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-14 23:03 . 2013-11-14 23:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-14 23:03 . 2013-11-14 23:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-14 23:03 . 2013-11-14 23:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-14 23:03 . 2013-11-14 23:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-14 23:03 . 2013-11-14 23:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-14 23:03 . 2013-11-14 23:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-14 23:03 . 2013-11-14 23:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-14 23:03 . 2013-11-14 23:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-14 23:03 . 2013-11-14 23:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-14 23:03 . 2013-11-14 23:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-14 23:03 . 2013-11-14 23:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-14 23:03 . 2013-11-14 23:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-14 23:03 . 2013-11-14 23:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-14 23:03 . 2013-11-14 23:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-14 23:03 . 2013-11-14 23:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-14 23:03 . 2013-11-14 23:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-14 23:03 . 2013-11-14 23:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 23:03 . 2013-11-14 23:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-14 23:03 . 2013-11-14 23:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-14 23:03 . 2013-11-14 23:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-14 23:03 . 2013-11-14 23:03 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-14 23:03 . 2013-11-14 23:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-14 23:03 . 2013-11-14 23:03 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 23:03 . 2013-11-14 23:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-14 23:03 . 2013-11-14 23:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-14 23:03 . 2013-11-14 23:03 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-14 23:03 . 2013-11-14 23:03 413696 ----a-w- c:\windows\system32\html.iec
2013-11-14 23:03 . 2013-11-14 23:03 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 23:03 . 2013-11-14 23:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-14 23:03 . 2013-11-14 23:03 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-14 23:03 . 2013-11-14 23:03 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-14 23:03 . 2013-11-14 23:03 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-14 23:03 . 2013-11-14 23:03 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-14 23:03 . 2013-11-14 23:03 235520 ----a-w- c:\windows\system32\url.dll
2013-11-14 23:03 . 2013-11-14 23:03 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-14 23:03 . 2013-11-14 23:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-14 23:03 . 2013-11-14 23:03 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-14 23:03 . 2013-11-14 23:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-14 23:03 . 2013-11-14 23:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-14 23:03 . 2013-11-14 23:03 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-14 23:03 . 2013-11-14 23:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-14 23:03 . 2013-11-14 23:03 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-14 23:03 . 2013-11-14 23:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-14 23:03 . 2013-11-14 23:03 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-14 23:03 . 2013-11-14 23:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-14 23:03 . 2013-11-14 23:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-14 23:03 . 2013-11-14 23:03 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-14 23:03 . 2013-11-14 23:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-14 23:03 . 2013-11-14 23:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-14 22:41 . 2013-05-03 19:11 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-11-14 11:55 . 2012-10-11 03:23 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:55 . 2013-09-18 03:22 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:55 . 2013-09-18 03:22 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:55 . 2013-09-18 03:22 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-14 11:55 . 2013-09-18 03:22 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-14 11:55 . 2013-09-18 03:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-12 02:07 . 2013-12-16 04:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-11-11 15:02 . 2010-10-16 19:13 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2010-10-16 19:13 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2010-10-16 19:13 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2010-10-16 19:13 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2010-10-08 09:22 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2012-02-22 00:36 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-11 14:59 . 2013-11-11 14:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-11-08 20:37 . 2011-04-11 02:25 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-24 01:13 . 2013-10-24 01:13 21504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Offline Scanner\FilesList32.dll
2013-10-23 10:30 . 2013-11-15 01:14 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-11-15 01:14 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-15 00:00 . 2013-03-23 19:19 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-12 20:17 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-12 20:17 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-12 20:17 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:04 . 2013-12-16 04:03 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-10-12 02:03 . 2013-12-16 04:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-10-12 02:03 . 2013-11-12 20:17 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-12 20:17 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:15 . 2013-12-16 04:03 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-10-05 20:25 . 2013-11-12 20:18 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-12 20:18 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-12 20:18 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-12 20:18 197120 ----a-w- c:\windows\system32\credui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 9.0 LE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 9.0 LE\PHOTOfunSTUDIO.exe" [2013-5-11 167624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz134;cpuz134;c:\users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Phantom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:24]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 23:59]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 23:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL =
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page =
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 24.159.193.40 24.205.224.36
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4115959996-671547687-3831804364-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:da,9f,42,94,bf,87,9c,da,28,ad,79,83,6a,0d,a0,83,b3,50,8a,43,34,
99,e8,07,2a,51,63,9f,cb,23,f1,6c,05,83,af,e6,ac,52,77,b9,d7,13,50,7f,96,ae,\
"rkeysecu"=hex:a3,26,81,76,7a,fa,42,be,41,09,2b,04,ae,42,3f,cc
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
.
**************************************************************************
.
Completion time: 2013-12-25 17:02:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-25 23:02
.
Pre-Run: 822,439,702,528 bytes free
Post-Run: 821,689,786,368 bytes free
.
- - End Of File - - E3177F92725756AC5E6CF0E84C14091B
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

How is computer doing?

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Roger8118]

Broni,
I will be unavailable for about a wee., Please keep my thread open. I will continue as soon as possible. Thanks for all your help. Roger

# AdwCleaner v3.016 - Report created 26/12/2013 at 12:11:10
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phantom - PHANTOM-PC
# Running from : C:\Users\Phantom\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\bingp.xml
File Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\user.js
Folder Found : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\SpeedyPC Software
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\SpeedyPC Software
Folder Found C:\Users\Phantom\AppData\Local\Conduit
Folder Found C:\Users\Phantom\AppData\Local\Mobogenie
Folder Found C:\Users\Phantom\AppData\Local\SwvUpdater
Folder Found C:\Users\Phantom\AppData\LocalLow\Conduit
Folder Found C:\Users\Phantom\AppData\LocalLow\PriceGong
Folder Found C:\Users\Phantom\AppData\Roaming\digitalsite
Folder Found C:\Users\Phantom\AppData\Roaming\DriverCure
Folder Found C:\Users\Phantom\AppData\Roaming\iSafe
Folder Found C:\Users\Phantom\AppData\Roaming\SpeedyPC Software
Folder Found C:\Users\Phantom\Documents\Mobogenie
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\SpeedyPC Software
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\SpeedyPC Software
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\Software\SpeedyPC Software
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0C0B0Fzz0AyBtDtBtCtBtN0D0Tzu0SyCzzyEtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=217812415&ir=
-\\ Mozilla Firefox v
[ File : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
*************************
AdwCleaner[R0].txt - [4807 octets] - [26/12/2013 12:11:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4867 octets] ##########

 

[Roger8118]

Sorry log after running Clean


# AdwCleaner v3.016 - Report created 26/12/2013 at 12:27:37
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phantom - PHANTOM-PC
# Running from : C:\Users\Phantom\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SpeedyPC Software
Folder Deleted : C:\Users\Phantom\AppData\Local\Conduit
Folder Deleted : C:\Users\Phantom\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Phantom\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Phantom\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Phantom\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Phantom\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Phantom\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Phantom\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Phantom\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\Phantom\Documents\Mobogenie
Folder Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\bingp.xml
File Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\user.js
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v
[ File : C:\Users\Phantom\AppData\Roaming\Mozilla\Firefox\Profiles\lfl3mj12.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
*************************
AdwCleaner[R0].txt - [4991 octets] - [26/12/2013 12:11:21]
AdwCleaner[S0].txt - [4465 octets] - [26/12/2013 12:27:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4525 octets] ##########

 

[Roger8118]

Can no longer access any Office Products including Control panel to change security settings, so I can't run JRT from desktop. Can't get email from Outlook.
I will try my laptop to retrieve email.

 

[Broni]

When exactly did it happen?