I have a rootkit problem PLEASE HELP

[atilla]

i am sory if the topic is irrelevent with there or opened somewhere before me.Yesterday i was searching my computer for rootkits and program found a invisible folder and i deleted it then i searched the computer again for rootkits and it found the folder again. I seached computer 3-4 times and deleted same folder/file everytime but it still find that folder for my every search. would please someone help me for this problem ?




Edit

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

 

[Juliet]

Please back up your registry!

• Download ERUNT The Emergency Recovery Utility NT Registry Backup and Restore for Windows NT/2000/2003/XP/Vista

NOTE: Installing ERUNT may also install the "registry optimization tool" "NTREGOPT" by default. Please do NOT run NTREGOPT.

• Save ERUNT to your desktop. Run and install this program.
• In the box that opens ONLY choose "System registry"
• Click OK.
• Click save and then go to File > Exit.

This is so the registry can be restored to this point if we need it.

If you cannot use ERUNT or it doesn't support your operating system please let us know in your first post which should include the DDS and aswMBR logs so the responder can link you to a different backup utility.

Instruction for producing the DDS and aswMBR logs
​

DDS Log

Download to your desktop DDS from one of the links below:

Link 1
Link 2

• Double click the tool to run it.
• If a black Screen opens, just read the contents and do nothing.
• When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
• Copy/Paste the contents of 'DDS.txt' into your post. Please do not use code wrap.
  
• 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

aswMBR Log

Important! Please do not perform any fix options offered in aswMBR

Please download aswMBR to your desktop.

• Double click the aswMBR icon to run it.
• Click the Scan button to start scan.
• If you are asked to update the Avast Virus database please allow it to do so.
• When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the DDS logs.

 

[atilla]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by ESMEN at 17:22:41 on 2014-04-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.1545 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uSearch Bar = www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\ESMEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ESMEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Bütün Bağlantıları IDM ile İndir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: IDM ile İndir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : NameServer = 213.74.0.1,213.74.1.1
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : DHCPNameServer = 192.168.1.1 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-4-6 445304]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-28 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-28 208928]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-1-28 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-28 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-28 423240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-28 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-6 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-6 109048]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-5 175480]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-5 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-5 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-5 171416]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-12-8 27768]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-28 84816]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-12-8 2210376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-7 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-9 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2014-04-06 11:03:49 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-06 11:03:38 445304 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-04-06 10:49:56 -------- d-----w- C:\Windows\jumpshot.com
2014-04-05 16:40:06 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-04-05 16:39:59 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-05 16:39:31 -------- d-----w- C:\Users\ESMEN\AppData\Local\Programs
2014-04-04 18:47:21 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2014-04-04 09:31:45 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
2014-03-27 16:21:50 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\The Creative Assembly
2014-03-27 16:04:40 -------- d-----w- C:\Program Files (x86)\Napoleon Total War
2014-03-12 19:35:49 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 19:35:21 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 19:35:21 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 19:32:32 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 19:32:32 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 19:32:04 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 19:32:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-09 11:08:49 -------- d-----r- C:\Users\ESMEN\Dropbox
2014-03-09 11:07:58 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\DropboxMaster
2014-03-09 11:06:58 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2014-04-06 11:03:50 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-06 11:03:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-06 11:03:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-06 11:03:50 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-06 11:03:50 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-06 11:03:49 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-06 11:03:42 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-03-14 07:30:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:30:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-19 17:09:47 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2014-02-19 17:09:47 14848 ----a-w- C:\Windows\System32\slwga.dll
2014-02-19 17:09:47 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-09 02:22:42 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
.
============= FINISH: 17:23:01,06 ===============

 

[Juliet]

aswMBR Log?

 

[atilla]

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-06 19:02:03
-----------------------------
19:02:03.848 OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:03.848 Number of processors: 4 586 0x170A
19:02:03.849 ComputerName: ESMEN-PC UserName: ESMEN
19:02:05.079 Initialize success
19:02:08.291 AVAST engine defs: 14040600
19:02:10.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:02:10.613 Disk 0 Vendor: ST3500418AS CC37 Size: 476940MB BusType: 3
19:02:10.680 Disk 0 MBR read successfully
19:02:10.682 Disk 0 MBR scan
19:02:10.686 Disk 0 Windows 7 default MBR code
19:02:10.697 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1024 MB offset 2048
19:02:10.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 251299 MB offset 2099200
19:02:10.733 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224615 MB offset 516759552
19:02:10.772 Disk 0 scanning C:\Windows\system32\drivers
19:02:19.015 Service scanning
19:02:33.578 Modules scanning
19:02:33.586 Disk 0 trace - called modules:
19:02:33.599 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
19:02:33.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a44060]
19:02:33.611 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa80047cf520]
19:02:33.618 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047d0680]
19:02:34.918 AVAST engine scan C:\Windows
19:02:36.417 AVAST engine scan C:\Windows\system32
19:05:33.396 AVAST engine scan C:\Windows\system32\drivers
19:05:56.830 AVAST engine scan C:\Users\ESMEN
19:10:42.535 AVAST engine scan C:\ProgramData
19:11:05.305 Scan finished successfully
19:11:39.490 Disk 0 MBR has been saved successfully to "C:\Users\ESMEN\Desktop\MBR.dat"
19:11:39.496 The log file has been saved successfully to "C:\Users\ESMEN\Desktop\aswMBR.txt"

 

[Juliet]

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. rkill.pif
5. WiNlOgOn.exe
6. uSeRiNiT.exe

********************

Please download Farbar Recovery Scan Tool

(use correct version for your system.....Which system am I using?)
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

[atilla]

--Rkill--
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/06/2014 07:28:08 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 1.008.640 : 12/09/2013 00:14 AM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833.024 : 12/09/2013 00:14 AM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1.008.640 : 07/14/2009 04:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1.008.128 : 11/20/2010 04:27 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833.024 : 07/14/2009 04:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833.024 : 11/20/2010 03:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 15506 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 04/06/2014 07:28:58 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)

--addition--

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ESMEN at 2014-04-06 19:30:52
Running from C:\Users\ESMEN\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}) (Version: 3.1.45.72435 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 3.1.45.72435 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DriverEasy 4.6.2 (HKLM\...\DriverEasy_is1) (Version: 4.6.2.0 - Easeware)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - ByBordo)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (TRK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
The Lord of the Rings Conquest (HKLM-x32\...\The Lord of the Rings Conquest Multi10 *REPACK* ~83C7E069_is1) (Version: - The Lord of the Rings Conquest)
VIA Platform Aygıt Yöneticisi (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

01-04-2014 10:11:42 Windows Update
06-04-2014 11:02:18 avast! antivirus system restore point
06-04-2014 11:04:32 Device Driver Package Install: Avast Network Service

==================== Hosts content: ==========================

2009-07-14 05:34 - 2014-04-06 16:17 - 00451372 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {07A7E571-F751-4D20-A49A-90EC1CD5F9D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {295F9BE7-FDF7-46DA-836A-F1ACACE19394} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {43E38926-790D-4B9E-8A96-2BC774D3F74B} - System32\Tasks\{7455FFB5-DD14-402A-9F15-E3E1C24B47CA} => D:\Program Files\Counter-Strike 1.6\cstrike.exe [2005-09-27] ()
Task: {75435C43-83F6-4AA7-864F-99D38533A9C9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {86169B72-2A6E-48EF-BBD4-2EFF5454553A} - System32\Tasks\{325F10A8-3F42-42FB-AB12-23B3DA4557ED} => D:\Program Files (x86)\Team JPN\The Lord of the Rings Conquest\Conquest.exe [2009-01-15] (Electronic Arts Inc.)
Task: {9B4BF1E5-950D-4560-9525-E388409C37A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {AE0E1DAD-6EEA-4F69-B123-F27063DF9933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {C9708753-1BF9-4D56-B6DC-F6242F8C19C9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CAF331FD-A2D9-4D52-AEF6-8CDEF9B9A1AC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-06] (AVAST Software)
Task: {EE325F10-87D5-41D6-970C-314362573071} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F0E519A9-D93B-4F45-8A8D-F50B1325C3A7} - System32\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {F9424DDF-B28B-4152-BEBF-9F4361190401} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2013-11-11] (Easeware)
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-08 16:24 - 2012-11-14 16:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-12-08 16:24 - 2012-11-14 16:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-06 13:25 - 2014-04-06 10:21 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-06 15:55 - 2014-04-06 15:55 - 00041984 _____ () c:\users\esmen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
2013-10-19 02:55 - 2013-10-19 02:55 - 25100288 _____ () C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-28 01:10 - 2014-01-28 01:10 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-05 19:40 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-05 19:40 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-05 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-05 19:40 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-05 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 23:15 - 2014-03-15 03:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2014 03:55:17 PM) (Source: Winlogon) (User: )
Description: Windows lisansı etkinleştirilemedi. Hata: 0x80070005.

Error: (04/06/2014 01:23:54 PM) (Source: Winlogon) (User: )
Description: Windows lisansı etkinleştirilemedi. Hata: 0x80070005.

Error: (04/06/2014 00:53:05 AM) (Source: Application Hang) (User: )
Description: gmer.exe programının 2.1.19357.0 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.

İşlem Kimlik No: 16c0

Başlatma Saati: 01cf51180d16d807

Sona Erdirme Saati: 9

Uygulama Yolu: C:\Users\ESMEN\Desktop\gmer.exe

Rapor Kimliği: a4c38738-bd0c-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:43:06 AM) (Source: Application Error) (User: )
Description: Hatalı uygulama adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Hatalı modül adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x0008d93e
Hatalı işlem kimliği: 0xcf0
Uygulama başlangıç zamanı: 0xgmer.exe0
Hatalı uygulama yolu: gmer.exe1
Hatalı modül yolu: gmer.exe2
Rapor kimliği: gmer.exe3

Error: (04/06/2014 00:41:14 AM) (Source: Application Error) (User: )
Description: Hatalı uygulama adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Hatalı modül adı: gmer.exe, sürüm: 2.1.19357.0, zaman damgası: 0x52e7ea83
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x00062128
Hatalı işlem kimliği: 0x17a4
Uygulama başlangıç zamanı: 0xgmer.exe0
Hatalı uygulama yolu: gmer.exe1
Hatalı modül yolu: gmer.exe2
Rapor kimliği: gmer.exe3

Error: (04/06/2014 00:18:37 AM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 11:18:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 10:18:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 09:18:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005

Error: (04/05/2014 08:18:36 PM) (Source: Software Protection Platform Service) (User: )
Description: Lisans Etkinleştirme Zamanlayıcısı ((sppuinotify.dll) şu hata koduyla başarısız oldu:
0x80070005


System errors:
=============
Error: (04/06/2014 03:54:31 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/06/2014 01:12:04 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:08:10 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:53 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:52 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068

Error: (04/06/2014 01:07:52 AM) (Source: Service Control Manager) (User: )
Description: Network List Service hizmeti, şu hata nedeniyle başlatılamayan Network Location Awareness hizmetine bağımlıdır:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/06/2014 03:55:17 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (04/06/2014 01:23:54 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (04/06/2014 00:53:05 AM) (Source: Application Hang)(User: )
Description: gmer.exe2.1.19357.016c001cf51180d16d8079C:\Users\ESMEN\Desktop\gmer.exea4c38738-bd0c-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:43:06 AM) (Source: Application Error)(User: )
Description: gmer.exe2.1.19357.052e7ea83gmer.exe2.1.19357.052e7ea83c00000050008d93ecf001cf5117cf2b698dC:\Users\ESMEN\Desktop\gmer.exeC:\Users\ESMEN\Desktop\gmer.exe453d078b-bd0b-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:41:14 AM) (Source: Application Error)(User: )
Description: gmer.exe2.1.19357.052e7ea83gmer.exe2.1.19357.052e7ea83c00000050006212817a401cf51179aa646dfC:\Users\ESMEN\AppData\Local\Temp\Rar$EXa0.096\gmer.exeC:\Users\ESMEN\AppData\Local\Temp\Rar$EXa0.096\gmer.exe02b14ba9-bd0b-11e3-aa93-0025111bb3ee

Error: (04/06/2014 00:18:37 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 11:18:37 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 10:18:37 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 09:18:37 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (04/05/2014 08:18:36 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 4095.24 MB
Available physical RAM: 1598.23 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 5500.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:245.41 GB) (Free:127.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EXPER) (Fixed) (Total:219.35 GB) (Free:35.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BFE3D855)

Partition: GPT Partition Type.

==================== End Of Log ============================

--FRST--

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ESMEN (administrator) on ESMEN-PC on 06-04-2014 19:30:24
Running from C:\Users\ESMEN\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dropbox, Inc.) C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5670448 2013-02-05] (VIA)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-06] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0AB40B1D0F2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: [NameServer]213.74.0.1,213.74.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com.tr/
CHR DefaultSearchKeyword: google.com.tr
CHR Extension: (Video indirme yardımcısı) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm [2014-04-04]
CHR Extension: (avast! Online Security) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Google Cüzdan) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (Şikayetvar) - C:\Users\ESMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmfmekkdddepehcblkiffennabldbpg [2013-12-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 HPSLPSVC; C:\Users\ESMEN\AppData\Local\Temp\7zS37EE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-06] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-06] ()
R3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\ESMEN\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 19:30 - 2014-04-06 19:30 - 00010738 _____ () C:\Users\ESMEN\Downloads\FRST.txt
2014-04-06 19:28 - 2014-04-06 19:30 - 00000000 ____D () C:\FRST
2014-04-06 19:28 - 2014-04-06 19:28 - 02157056 _____ (Farbar) C:\Users\ESMEN\Downloads\FRST64.exe
2014-04-06 19:28 - 2014-04-06 19:28 - 00005552 _____ () C:\Users\ESMEN\Desktop\Rkill.txt
2014-04-06 19:27 - 2014-04-06 19:28 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ESMEN\Downloads\rkill.exe
2014-04-06 19:11 - 2014-04-06 19:11 - 00002045 _____ () C:\Users\ESMEN\Desktop\aswMBR.txt
2014-04-06 19:11 - 2014-04-06 19:11 - 00000512 _____ () C:\Users\ESMEN\Desktop\MBR.dat
2014-04-06 19:01 - 2014-04-06 19:01 - 04745728 _____ (AVAST Software) C:\Users\ESMEN\Downloads\aswMBR.exe
2014-04-06 18:15 - 2014-04-06 18:15 - 00000087 _____ () C:\Users\ESMEN\Desktop\Malware Removal.url
2014-04-06 17:29 - 2014-04-06 17:29 - 00001276 _____ () C:\Users\ESMEN\Desktop\attach.zip
2014-04-06 17:26 - 2014-04-06 17:26 - 00001253 _____ () C:\Users\ESMEN\Desktop\attach.rar
2014-04-06 17:23 - 2014-04-06 17:24 - 00017087 _____ () C:\Users\ESMEN\Desktop\dds.txt
2014-04-06 17:23 - 2014-04-06 17:24 - 00002797 _____ () C:\Users\ESMEN\Desktop\attach.txt
2014-04-06 17:22 - 2014-04-06 17:22 - 00688992 ____R (Swearware) C:\Users\ESMEN\Downloads\dds.scr
2014-04-06 17:22 - 2014-04-06 17:22 - 00000000 ____D () C:\Windows\ERDNT
2014-04-06 17:21 - 2014-04-06 17:21 - 00000924 _____ () C:\Users\ESMEN\Desktop\NTREGOPT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000905 _____ () C:\Users\ESMEN\Desktop\ERUNT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-06 17:20 - 2014-04-06 17:20 - 00791393 _____ (Lars Hederer ) C:\Users\ESMEN\Downloads\erunt-setup.exe
2014-04-06 16:00 - 2014-04-06 16:00 - 00000000 ____D () C:\Users\ESMEN\Documents\ProcAlyzer Dumps
2014-04-06 14:03 - 2014-04-06 14:03 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-06 14:03 - 2014-04-06 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 13:49 - 2014-04-06 13:49 - 00000000 ____D () C:\Windows\jumpshot.com
2014-04-06 13:47 - 2014-04-06 13:47 - 14482352 _____ (AVAST Software) C:\Users\ESMEN\Downloads\grimefighter.exe
2014-04-06 13:42 - 2014-04-06 14:30 - 1442186430 _____ () C:\Users\ESMEN\Downloads\Dracula Kara Prens izle Dracula Kara Prens Trke Altyazl izle Dracula Kara Prens filmini izle Dracula Kara Prens full izle Dracula Kara Prens Film izle Full izle Filmi Full izle Direk Film izle Dizi izle Trke Dublaj izl.mp4
2014-04-06 00:53 - 2014-04-06 00:54 - 90488176 _____ (Sophos Limited) C:\Users\ESMEN\Downloads\Sophos Virus Removal Tool.exe
2014-04-06 00:39 - 2014-04-06 00:39 - 00370943 _____ () C:\Users\ESMEN\Downloads\gmer.zip
2014-04-06 00:23 - 2014-04-06 00:52 - 00000762 _____ () C:\Windows\wininit.ini
2014-04-05 19:40 - 2014-04-05 19:40 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-05 19:40 - 2014-04-05 19:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-05 19:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-05 19:39 - 2014-04-05 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-05 19:37 - 2014-04-05 19:39 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\ESMEN\Downloads\spybot-2.2.exe
2014-04-05 01:34 - 2014-04-05 01:34 - 00000123 _____ () C:\Users\ESMEN\Desktop\Hobbit 2 Smaug’un Çorak Toprakları (2013) Full HD 1080p 720p Türkçe Dublaj Film izle - Full Katılımsız Program Oyun indir Film izle Portalcıyız.url
2014-04-04 21:48 - 2014-04-04 21:48 - 00000000 ____D () C:\Users\ESMEN\Downloads\Compressed
2014-04-04 21:47 - 2014-04-04 21:47 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-04-04 21:46 - 2014-04-04 21:46 - 09624492 _____ () C:\Users\ESMEN\Downloads\İDM 6.19 Final Full Turkce.rar
2014-03-31 22:14 - 2014-03-31 22:15 - 76817449 _____ () C:\Users\ESMEN\Downloads\Avatar_-_The_Last_Airbender_-_The_Rift_Part_1_(2014)_(digital)_(Son_of_Ultron-Empire).cbr
2014-03-31 22:13 - 2014-03-31 22:13 - 00012414 _____ () C:\Users\ESMEN\Downloads\[kickass.to]avatar.the.last.airbender.the.rift.part.1.2014.digital.torrent
2014-03-31 21:13 - 2014-03-31 21:13 - 01058123 _____ () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON.rar
2014-03-31 11:16 - 2014-04-03 23:13 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON
2014-03-27 19:19 - 2014-03-27 19:19 - 00000886 _____ () C:\Users\ESMEN\Desktop\Napoleon Total War.lnk
2014-03-27 19:05 - 2014-03-27 19:05 - 00003234 _____ () C:\Windows\System32\Tasks\{D6E1EE84-67D1-4766-B63C-93D971D80F99}
2014-03-27 19:04 - 2014-03-27 19:20 - 00000000 ____D () C:\Program Files (x86)\Napoleon Total War
2014-03-27 13:53 - 2014-03-27 18:46 - 00000000 ____D () C:\Users\ESMEN\Downloads\Napoleon_Total_War-Razor1911
2014-03-23 13:09 - 2014-03-23 13:09 - 00000081 _____ () C:\Users\ESMEN\Desktop\IP-Adress.com Proxy List - Whois Proxy List - IP-Adress.com.url
2014-03-23 12:40 - 2014-03-23 12:40 - 00000021 _____ () C:\Users\ESMEN\Desktop\the piratebay torernt.txt
2014-03-12 22:35 - 2014-01-29 05:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 22:35 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 22:35 - 2014-01-28 05:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 22:34 - 2014-03-01 09:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 22:34 - 2014-03-01 08:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 22:34 - 2014-03-01 08:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 22:34 - 2014-03-01 07:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 22:34 - 2014-03-01 07:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 22:34 - 2014-03-01 07:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 22:34 - 2014-03-01 07:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 22:34 - 2014-03-01 07:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 22:34 - 2014-03-01 07:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 22:34 - 2014-03-01 07:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 22:34 - 2014-03-01 07:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 22:34 - 2014-03-01 07:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 22:34 - 2014-03-01 07:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 22:34 - 2014-03-01 07:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 22:34 - 2014-03-01 07:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 22:34 - 2014-03-01 07:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 22:34 - 2014-03-01 07:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 22:34 - 2014-03-01 06:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 22:34 - 2014-03-01 06:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 22:34 - 2014-03-01 06:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 22:34 - 2014-03-01 06:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 22:34 - 2014-03-01 06:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 22:34 - 2014-03-01 06:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 22:34 - 2014-03-01 06:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 22:34 - 2014-03-01 06:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 22:34 - 2014-03-01 06:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 22:34 - 2014-03-01 06:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 22:34 - 2014-03-01 06:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 22:34 - 2014-03-01 06:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 22:34 - 2014-03-01 06:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 22:34 - 2014-03-01 06:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 22:34 - 2014-03-01 06:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 22:34 - 2014-03-01 06:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 22:34 - 2014-03-01 06:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 22:34 - 2014-03-01 05:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 22:34 - 2014-03-01 05:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 22:34 - 2014-03-01 05:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 22:34 - 2014-03-01 05:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 22:34 - 2014-03-01 05:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 22:34 - 2014-03-01 05:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 22:34 - 2014-02-07 04:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 22:32 - 2014-02-04 05:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 22:32 - 2014-02-04 05:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 22:32 - 2014-02-04 05:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 22:32 - 2014-02-04 05:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:46 - 2014-04-02 13:02 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE351_FLME_STUD
2014-03-09 20:08 - 2014-03-09 20:08 - 00008746 _____ () C:\Users\ESMEN\Desktop\Yeni Microsoft Excel Worksheet.xlsx
2014-03-09 19:03 - 2014-03-09 19:03 - 00948736 _____ () C:\Users\ESMEN\Downloads\SteelProfileTable.xls
2014-03-09 14:08 - 2014-04-06 15:56 - 00000000 ___RD () C:\Users\ESMEN\Dropbox
2014-03-09 14:08 - 2014-03-09 14:08 - 00001039 _____ () C:\Users\ESMEN\Desktop\Dropbox.lnk
2014-03-09 14:07 - 2014-03-09 14:08 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\DropboxMaster
2014-03-09 14:07 - 2014-03-09 14:07 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-09 14:06 - 2014-04-06 15:56 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Dropbox
2014-03-09 14:06 - 2014-03-09 14:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\ESMEN\Downloads\Dropbox 2.6.2.exe

==================== One Month Modified Files and Folders =======

2014-04-06 19:30 - 2014-04-06 19:30 - 00010738 _____ () C:\Users\ESMEN\Downloads\FRST.txt
2014-04-06 19:30 - 2014-04-06 19:28 - 00000000 ____D () C:\FRST
2014-04-06 19:28 - 2014-04-06 19:28 - 02157056 _____ (Farbar) C:\Users\ESMEN\Downloads\FRST64.exe
2014-04-06 19:28 - 2014-04-06 19:28 - 00005552 _____ () C:\Users\ESMEN\Desktop\Rkill.txt
2014-04-06 19:28 - 2014-04-06 19:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ESMEN\Downloads\rkill.exe
2014-04-06 19:18 - 2013-12-07 01:27 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 19:11 - 2014-04-06 19:11 - 00002045 _____ () C:\Users\ESMEN\Desktop\aswMBR.txt
2014-04-06 19:11 - 2014-04-06 19:11 - 00000512 _____ () C:\Users\ESMEN\Desktop\MBR.dat
2014-04-06 19:01 - 2014-04-06 19:01 - 04745728 _____ (AVAST Software) C:\Users\ESMEN\Downloads\aswMBR.exe
2014-04-06 18:15 - 2014-04-06 18:15 - 00000087 _____ () C:\Users\ESMEN\Desktop\Malware Removal.url
2014-04-06 17:29 - 2014-04-06 17:29 - 00001276 _____ () C:\Users\ESMEN\Desktop\attach.zip
2014-04-06 17:26 - 2014-04-06 17:26 - 00001253 _____ () C:\Users\ESMEN\Desktop\attach.rar
2014-04-06 17:24 - 2014-04-06 17:23 - 00017087 _____ () C:\Users\ESMEN\Desktop\dds.txt
2014-04-06 17:24 - 2014-04-06 17:23 - 00002797 _____ () C:\Users\ESMEN\Desktop\attach.txt
2014-04-06 17:22 - 2014-04-06 17:22 - 00688992 ____R (Swearware) C:\Users\ESMEN\Downloads\dds.scr
2014-04-06 17:22 - 2014-04-06 17:22 - 00000000 ____D () C:\Windows\ERDNT
2014-04-06 17:21 - 2014-04-06 17:21 - 00000924 _____ () C:\Users\ESMEN\Desktop\NTREGOPT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000905 _____ () C:\Users\ESMEN\Desktop\ERUNT.lnk
2014-04-06 17:21 - 2014-04-06 17:21 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-06 17:21 - 2013-12-07 01:07 - 00000000 ___RD () C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 17:20 - 2014-04-06 17:20 - 00791393 _____ (Lars Hederer ) C:\Users\ESMEN\Downloads\erunt-setup.exe
2014-04-06 16:01 - 2013-12-07 22:07 - 00656002 _____ () C:\Windows\system32\perfh01F.dat
2014-04-06 16:01 - 2013-12-07 22:07 - 00139380 _____ () C:\Windows\system32\perfc01F.dat
2014-04-06 16:01 - 2009-07-14 08:13 - 01568678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 16:00 - 2014-04-06 16:00 - 00000000 ____D () C:\Users\ESMEN\Documents\ProcAlyzer Dumps
2014-04-06 16:00 - 2014-02-23 02:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-06 15:58 - 2010-02-25 03:52 - 01607608 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 15:56 - 2014-03-09 14:08 - 00000000 ___RD () C:\Users\ESMEN\Dropbox
2014-04-06 15:56 - 2014-03-09 14:06 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Dropbox
2014-04-06 15:55 - 2013-12-07 22:58 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
2014-04-06 15:55 - 2013-12-07 02:19 - 00013926 _____ () C:\Windows\PFRO.log
2014-04-06 15:55 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 15:55 - 2009-07-14 07:51 - 00042056 _____ () C:\Windows\setupact.log
2014-04-06 14:30 - 2014-04-06 13:42 - 1442186430 _____ () C:\Users\ESMEN\Downloads\Dracula Kara Prens izle Dracula Kara Prens Trke Altyazl izle Dracula Kara Prens filmini izle Dracula Kara Prens full izle Dracula Kara Prens Film izle Full izle Filmi Full izle Direk Film izle Dizi izle Trke Dublaj izl.mp4
2014-04-06 14:04 - 2014-01-28 17:58 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-04-06 14:03 - 2014-04-06 14:03 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-06 14:03 - 2014-04-06 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 14:03 - 2014-01-28 17:58 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-06 14:03 - 2014-01-28 01:10 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-06 14:03 - 2014-01-28 01:10 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 13:49 - 2014-04-06 13:49 - 00000000 ____D () C:\Windows\jumpshot.com
2014-04-06 13:47 - 2014-04-06 13:47 - 14482352 _____ (AVAST Software) C:\Users\ESMEN\Downloads\grimefighter.exe
2014-04-06 01:03 - 2013-12-07 19:23 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\DMCache
2014-04-06 01:03 - 2009-07-14 07:45 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 01:03 - 2009-07-14 07:45 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 00:54 - 2014-04-06 00:53 - 90488176 _____ (Sophos Limited) C:\Users\ESMEN\Downloads\Sophos Virus Removal Tool.exe
2014-04-06 00:52 - 2014-04-06 00:23 - 00000762 _____ () C:\Windows\wininit.ini
2014-04-06 00:39 - 2014-04-06 00:39 - 00370943 _____ () C:\Users\ESMEN\Downloads\gmer.zip
2014-04-06 00:39 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 23:41 - 2013-12-07 19:23 - 00000000 ____D () C:\Users\ESMEN\Downloads\Video
2014-04-05 22:37 - 2009-07-14 05:34 - 00451372 ____R () C:\Windows\system32\Drivers\etc\hosts.20140406-161741.backup
2014-04-05 19:41 - 2014-04-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-05 19:40 - 2014-04-05 19:40 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-05 19:40 - 2014-04-05 19:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-05 19:39 - 2014-04-05 19:37 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\ESMEN\Downloads\spybot-2.2.exe
2014-04-05 01:34 - 2014-04-05 01:34 - 00000123 _____ () C:\Users\ESMEN\Desktop\Hobbit 2 Smaug’un Çorak Toprakları (2013) Full HD 1080p 720p Türkçe Dublaj Film izle - Full Katılımsız Program Oyun indir Film izle Portalcıyız.url
2014-04-04 21:49 - 2013-12-07 19:23 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\IDM
2014-04-04 21:48 - 2014-04-04 21:48 - 00000000 ____D () C:\Users\ESMEN\Downloads\Compressed
2014-04-04 21:47 - 2014-04-04 21:47 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-04-04 21:47 - 2013-12-07 19:23 - 00001009 _____ () C:\Users\ESMEN\Desktop\Internet Download Manager.lnk
2014-04-04 21:47 - 2009-07-14 05:34 - 00451312 __RSH () C:\Windows\system32\Drivers\etc\hosts.20140405-223743.backup
2014-04-04 21:46 - 2014-04-04 21:46 - 09624492 _____ () C:\Users\ESMEN\Downloads\İDM 6.19 Final Full Turkce.rar
2014-04-03 23:13 - 2014-03-31 11:16 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON
2014-04-02 13:02 - 2014-03-12 20:46 - 00000000 ____D () C:\Users\ESMEN\Desktop\CE351_FLME_STUD
2014-03-31 23:35 - 2013-12-11 16:48 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\BitTorrent
2014-03-31 22:15 - 2014-03-31 22:14 - 76817449 _____ () C:\Users\ESMEN\Downloads\Avatar_-_The_Last_Airbender_-_The_Rift_Part_1_(2014)_(digital)_(Son_of_Ultron-Empire).cbr
2014-03-31 22:13 - 2014-03-31 22:13 - 00012414 _____ () C:\Users\ESMEN\Downloads\[kickass.to]avatar.the.last.airbender.the.rift.part.1.2014.digital.torrent
2014-03-31 21:13 - 2014-03-31 21:13 - 01058123 _____ () C:\Users\ESMEN\Desktop\CE 303 COMPUTER APPLİCATİON.rar
2014-03-31 11:19 - 2014-02-26 20:50 - 00000000 ____D () C:\Users\ESMEN\Desktop\SOİLWORK
2014-03-30 14:44 - 2013-12-08 15:56 - 00000000 ____D () C:\Users\ESMEN\Documents\GTA San Andreas User Files
2014-03-29 15:13 - 2013-12-07 22:58 - 00003764 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17
2014-03-29 15:13 - 2013-12-07 01:27 - 00004014 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 19:20 - 2014-03-27 19:04 - 00000000 ____D () C:\Program Files (x86)\Napoleon Total War
2014-03-27 19:19 - 2014-03-27 19:19 - 00000886 _____ () C:\Users\ESMEN\Desktop\Napoleon Total War.lnk
2014-03-27 19:05 - 2014-03-27 19:05 - 00003234 _____ () C:\Windows\System32\Tasks\{D6E1EE84-67D1-4766-B63C-93D971D80F99}
2014-03-27 18:46 - 2014-03-27 13:53 - 00000000 ____D () C:\Users\ESMEN\Downloads\Napoleon_Total_War-Razor1911
2014-03-23 13:09 - 2014-03-23 13:09 - 00000081 _____ () C:\Users\ESMEN\Desktop\IP-Adress.com Proxy List - Whois Proxy List - IP-Adress.com.url
2014-03-23 12:40 - 2014-03-23 12:40 - 00000021 _____ () C:\Users\ESMEN\Desktop\the piratebay torernt.txt
2014-03-20 19:56 - 2009-07-14 08:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-18 19:16 - 2013-12-07 01:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 19:14 - 2013-12-07 01:46 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 23:15 - 2013-12-07 01:28 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 10:30 - 2013-12-07 01:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-14 10:30 - 2013-12-07 01:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 20:36 - 2014-02-04 23:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 10:03 - 2009-07-14 07:45 - 00416720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 20:08 - 2014-03-09 20:08 - 00008746 _____ () C:\Users\ESMEN\Desktop\Yeni Microsoft Excel Worksheet.xlsx
2014-03-09 19:03 - 2014-03-09 19:03 - 00948736 _____ () C:\Users\ESMEN\Downloads\SteelProfileTable.xls
2014-03-09 14:08 - 2014-03-09 14:08 - 00001039 _____ () C:\Users\ESMEN\Desktop\Dropbox.lnk
2014-03-09 14:08 - 2014-03-09 14:07 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\DropboxMaster
2014-03-09 14:08 - 2013-12-07 01:06 - 00000000 ____D () C:\Users\ESMEN
2014-03-09 14:07 - 2014-03-09 14:07 - 00000000 ____D () C:\Users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-09 14:06 - 2014-03-09 14:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\ESMEN\Downloads\Dropbox 2.6.2.exe

Some content of TEMP:
====================
C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 15:15

==================== End Of Log ============================

 

[Juliet]

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\ESMEN\AppData\Local\Temp
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~~~~~~~

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
  
  You can get help on disabling your protection programs here
• Double click on ComboFix.exe & follow the prompts.
• You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
• Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
• When finished, it shall produce a log for you. Post that log in your next reply
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
  
  ---------------------------------------------------------------------------------------------
• Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  
  Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
  Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
  ---------------------------------------------------------------------------------------------
• If there are Internet issues after running ComboFix:
  Internet Explorer:
  Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
  Firefox:
  Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
  Chrome:
  Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
  Safari
  Launch Safari
  Go to general settings menu
  Then in Preferences/ Advanced
  Then on line click Proxies change settings ...
  Click Internet Options, then click the Connections tab, click Network Settings.
  Disable option (uncheck) for the use of proxy server ...

 

[atilla]

FIX LOG
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by ESMEN at 2014-04-06 19:58:27 Run:1
Running from C:\Users\ESMEN\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\ESMEN\AppData\Local\Temp
Reboot:
end
*****************

C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\LEGOLOTR.exe => Moved successfully.

"C:\Users\ESMEN\AppData\Local\Temp" directory move:

C:\Users\ESMEN\AppData\Local\Temp\A4026749-6F12-4033-A2AD-18499A2EA9A9.Diagnose.0.etl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\A4026749-6F12-4033-A2AD-18499A2EA9A9.Repair.Admin.0.etl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\A4026749-6F12-4033-A2AD-18499A2EA9A9.Verify.Admin.1.etl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\DDS.txt => Moved successfully.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.lck" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\etilqs_bGkgsfrnWyiczec" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\etilqs_vCVhcTjgJ7LVmcw" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\ESMEN\AppData\Local\Temp\~DF013895FED4A9848B.TMP => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000630a\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp00001482\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp00000ce4\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp00000cba\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000079f\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp000004ff\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000028c\tmp00000000 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\tmp0000001c\tmp00000000 => Moved successfully.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies" => Scheduled to move on reboot.
Could not move "C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies-journal" => Scheduled to move on reboot.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_0 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_1 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_2 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\data_3 => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\index => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\Sophos Virus Removal Tool.msi => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afih.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afjq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afko.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afkw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afls.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afmj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afms.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afmx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afng.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afoa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afob.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afoc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afoy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afpa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afpw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afqs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afqt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afqv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afra.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afrl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afro.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afru.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aftj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aftr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aftu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afuc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afuh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afun.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afuv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afve.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afvn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afwa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afxg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afxi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afxl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afyk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-afzr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agan.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agat.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agbh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agdo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-ageb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-ager.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agez.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agfz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agga.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aggb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aggf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aghi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aghm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agil.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agis.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agke.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agkt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aglo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aglr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-aglv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agmw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agod.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agot.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agov.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\age-agpz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\agen-ank.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\andro-br.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\andro-bv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-abj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-abo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-abp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-acm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-acn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aco.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-acp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-ado.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-adz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aeo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aet.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aev.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-aff.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-afp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-afu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-agg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-agr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-agu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\auto-ahg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\backd-jy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\baffec-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-bxy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-byb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-byc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banc-byf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gan.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gao.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gaq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gar.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gbf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gbp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bank-gbw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-al.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-rr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-rs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-rt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-sc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-sj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-sl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-tg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-tl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-to.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-ub.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banlo-uc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\banspy-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bckd-rrk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bckd-rro.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bckd-rrx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bdoo-bfs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\betabo-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\blada-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bladab-k.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bladab-l.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\boaxx-ac.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\boaxx-ad.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\boht-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-alq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-als.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-alv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-alx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-amg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-ami.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-amk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bred-amn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bredo-vg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bredo-wh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\bunitu-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\burnwo-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\buzus-hw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\buzus-ic.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\capha-bh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\capha-bj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\capha-bs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\chisbu-x.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cidox-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-dz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cride-ec.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\cutwa-bc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\danglo-g.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\darkco-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\darkko-l.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\darkko-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-ev.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fry.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fst.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delf-fsx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delfdl-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\delfi-bv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dloa-dtu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\docdl-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\docdl-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\docdr-bg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lgf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lhq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lhz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lid.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lif.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lih.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lij.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lja.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-ljc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-ljt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-ljx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lkz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lla.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-llg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-lli.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-llp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\dwnl-llv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\encpk-al.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\encpk-ao.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\expiro-t.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\expiro-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hay.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hbe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hbk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hbl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hce.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hch.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hcj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fake-hck.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\farei-bw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\farei-bx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fbjack-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\fondu-x.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\gamar-ce.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\gamar-cg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\hioles-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\hkmain-o.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ifram-ll.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ifram-ls.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-ast.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-asw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-atv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aug.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aui.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aul.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-aux.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-ava.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-ave.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-avz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-awa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-awb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\inje-awh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\injec-ct.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\injec-da.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\java-ry.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\java-sh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-rs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-ru.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-rw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-rx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-sa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\javab-sc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\jsred-mz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\jsred-no.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\jvjack-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\kazy-cd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keyge-ll.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keygen-y.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keylo-pr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keylo-pt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\keylo-pw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\kilim-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-cq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-cs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-ct.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\krypt-cv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\kuluo-ah.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-ad.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-af.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-ah.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-ak.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-at.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-aw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-bg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-bl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-q.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\malit-y.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\matsn-bc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\matsn-bd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-frg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-frj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-frr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fsc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fsi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fss.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fst.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fte.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-ftg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-ftx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fud.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fuk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fun.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fuo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fut.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fvz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\mdro-fwv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-t.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miner-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miuref-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\miuref-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\morix-k.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-hh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ht.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ir.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-it.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-iy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ji.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-jn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-js.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ks.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ku.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-kx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-lr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-mx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-no.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-nz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-ok.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-oq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msil-os.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-av.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msili-bp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\msilin-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\napola-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\napola-g.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-ba.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-bc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-bk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\necur-bo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\neurev-f.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\nimnul-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\nymaim-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\obfjs-eq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pdf-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\perldo-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\php-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\php-s.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\phpdoo-o.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ploutu-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pws-cft.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pws-cfy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\pwszb-ai.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\qakbo-bj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-e.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-k.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-l.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramdo-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramni-ee.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramni-eg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\ramni-ek.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-aft.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-afv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-age.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rans-agy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rbrute-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rebhi-aw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\redym-aa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\revetr-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rovnix-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\rtfex-bi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sefni-bz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sharik-e.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sharik-f.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sharik-i.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\silly-lm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sniffe-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\snifie-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\snuffy-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\spy-aci.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sshdoo-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\stealf-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\swfex-cm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\symmi-s.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\symmi-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\symmi-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\sysmon-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tepfe-au.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tepfe-av.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\themas-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\themas-g.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\themeb-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tiotu-ec.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tiotu-ed.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tproxy-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\track-ae.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tracu-bs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\tracu-bu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-b.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-f.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\turla-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatr-aa.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatr-aq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatr-ax.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-n.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-o.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-u.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\upatre-w.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-alh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-alm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-gzu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-haw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hbq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hby.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hcp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hct.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hdg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hdq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hdy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hef.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-heh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hem.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hfz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vb-hgg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbagen-v.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbdwnl-d.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbinj-hb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbinj-hp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbinj-it.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbs-do.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vbs-ds.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vobfu-dn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\vobfu-dp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\weels-cl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\weels-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-ac.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-ah.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-am.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-aq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-aw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonto-be.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-h.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-j.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-m.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-p.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-t.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wonton-z.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\wowspy-c.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hev.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hge.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hgh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hgq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hgs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hhx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hij.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hio.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hit.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hiu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjs.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hjt.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hkl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hko.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hkp.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hks.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hku.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlk.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hlv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hmf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hmy.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hmz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hnc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hni.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hno.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hnv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hot.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hpe.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hph.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hpl.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hpv.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hqu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hrd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hru.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hrz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsh.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hsw.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-htf.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-htr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-htz.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hud.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hup.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-huu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvb.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hve.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvu.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hvx.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwd.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwi.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hwo.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hws.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hxc.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hxr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyq.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hyr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hys.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hza.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hzm.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hzn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-hzr.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zbot-iaj.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zegos-cg.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zipma-dn.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zusy-r.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\RarSFX0\data\zxshel-a.ide => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\avastBCLTMP\chrome\Default\Web Data => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\0X0409.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\ASIA.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\audioentry.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\english.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\ENGLISH.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE1.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE2.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE3.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\EUROPE4.SLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\INSTMSIA.EXE => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\INSTMSIW.EXE => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\ISSCRIPT.MSI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\LICENSE.MLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\Platform.msi => Moved successfully.

 

[atilla]

C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\Setup.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\Setup.iss => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\setup.log => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\SETUP.MLF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\SETUP.SCF => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAPCI.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIASETUP.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\viaudio.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Component.cif => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDAudDrVista64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDUpDrVista64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF00.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF01.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF02.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF03.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF04.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF05.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF06.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF07.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF08.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF09.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF10.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF100.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF101.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF102.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF103.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF104.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF105.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF106.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF107.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF108.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF109.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF11.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF110.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF111.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF112.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF113.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF114.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF115.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF116.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF117.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF118.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF119.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF12.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF120.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF121.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF122.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF123.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF124.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF125.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF126.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF127.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF128.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF129.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF13.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF130.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF131.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF132.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF133.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF134.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF135.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF136.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF137.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF138.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF139.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF14.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF140.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF15.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF16.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF17.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF18.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF19.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF20.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF21.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF22.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF23.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF24.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF25.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF26.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF27.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF28.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF29.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF30.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF31.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF32.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF33.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF34.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF35.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF36.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF37.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF38.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF39.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF40.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF41.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF42.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF43.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF44.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF45.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF46.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF47.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF48.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF49.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF50.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF51.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF52.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF53.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF54.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF55.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF56.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF57.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF58.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF59.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF60.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF61.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF62.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF63.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF64.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF65.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF66.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF67.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF68.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF69.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF70.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF71.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF72.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF73.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF74.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF75.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF76.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF77.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF78.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF79.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF80.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF81.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF82.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF83.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF84.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF85.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF86.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF87.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF88.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF89.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF90.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF91.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF92.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF93.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF94.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF95.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF96.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF97.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF98.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DCDEF99.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\DrvCaps.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\IniVerbs.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VistaIniFiles\IVDEF00.INI => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043102F.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043107F.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043108D.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\104310FD.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043117D.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\1043118D.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\10431577.mps => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\ADeckIcon.ico => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\AudioDeck.ico => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Dolby_15582101.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Dolby_1B0A20F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Dts2ApoApi64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\eq.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_11.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_2.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Language_8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\LFE.wav => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\MaxxAudioControl64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\QsApoApi64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\skin.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin1.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin2.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin2.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin3.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin4.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin5.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin6.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\Skin6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\SoundEffectComponent.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\SRSUIx64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\ST.WAV => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\String.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeck.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeck.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VEN1106_DEV0448_SUBSYS15584120.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VEN1106_DEV0448_SUBSYS15584121.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VEN1106_DEV0448_SUBSYS15584122.ini => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\viaaud.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\viaaud.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VIAPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VMicApi.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\_SysLanID.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10190000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192249.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192683.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192687.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10192690.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck101929B1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck101929B6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10193121.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10193126.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10193131.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10197C6F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10197DD5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10197DD9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10250657.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck102802FC.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431003.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431013.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431023.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043102D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043102F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043104D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431053.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043107F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043108D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310AD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310BD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310DD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310ED.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104310FD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043110D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431111.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043115D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043116D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043117D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043118D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104313F7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431473.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431487.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104314C7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104314E7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431523.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431577.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104315F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431C13.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431C23.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10431C33.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104382EA.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043830C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438345.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438346.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438348.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043836C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043837A.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043837C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043838C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383A1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383AA.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383AE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383B8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383BD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383C4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383C5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383C6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383CF.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D0.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383D7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383DE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383DF.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383E4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383E8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383EA.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383EB.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383F4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383F7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104383FB.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043840C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043840D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043840E.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438414.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438415.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438416.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438417.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438420.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438421.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438425.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438463.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043846A.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104384BE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck104384F6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043850B.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438511.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1043851C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10438532.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CF7.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CF8.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CFC.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0CFD.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0D0F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DC6.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DC9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DD3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DE4.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DE9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DED.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DF0.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0DF1.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E11.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E19.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E22.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0E24.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck105B0EFE.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck10CF1777.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck11060000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12972018.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12972019.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12973162.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12973170.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck12975162.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1458A000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1458A002.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1458A014.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14620000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14621000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627577.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627592.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627599.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck14627623.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15090000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15091E40.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15093002.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15096047.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck152D0778.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580240.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580370.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580540.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580541.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580550.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580551.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15580650.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581100.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581110.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581150.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581300.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581301.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581310.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581311.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581550.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15581551.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582100.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582101.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582400.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582450.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582511.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582512.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582701.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582702.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582703.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582704.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582705.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582706.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15582707.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15583110.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15583450.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15583537.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15584120.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15584121.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15584511.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15585125.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15585410.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15586500.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15587410.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15589100.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15650000.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15658108.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1565810C.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1565810D.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1565810F.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck15658111.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F30B97.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F30B98.via => Moved successfully.

 

[atilla]

C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31702.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31704.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31705.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck16F31706.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck170516F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck170616F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck17AA3606.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18490397.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491397.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491708.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18491818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492020.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492120.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492220.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492320.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492397.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492420.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492520.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492620.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492708.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492720.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492820.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18492920.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18493718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18493818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18494718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18494818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18495718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18495818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18496718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18496818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18497718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18497818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18498718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18498818.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck18499718.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck19915733.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A0065.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A00B5.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A0139.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A013A.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A20E9.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1B0A20F3.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1BAB1015.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeck1BDD7133.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\VDeck64\VDeckIni\VDeckF1248888.via => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\Dts2APO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\Dts2PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\MaxxAudioAPO30.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\MaxxAudioAPOShell64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\MaxxAudioVIA64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\nQAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\nQPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slcshp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slcsii64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slgeq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slh36064.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slInit64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slmaxv64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slprop64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slprt000.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\sltshd64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\sltune00.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\sluapo64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slvipp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\slviq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viaaud.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb01.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb02.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb03.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb04.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb05.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb06.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb07.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb10.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb11.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb17.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb18.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahdb21.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahduaa.cat => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\viahduaa.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaKaraokeAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaKaraokePropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaKaraokeSrv.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaMicArrayAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\ViaMicArrayPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VIAPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VIASysFx.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMAPO32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMAPO64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\vmfilt64.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMPPCn64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMppld64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMTHX32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMTHX64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VMWrp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\VtSrdAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\WavesGUILib64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEA64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEA64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin864\PCEE4\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\Dts2APO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\Dts2PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\MaxxAudioAPO30.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\MaxxAudioAPOShell64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\MaxxAudioVIA64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\nQAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\nQPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slcshp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slcsii64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slgeq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slh36064.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slInit64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slmaxv64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slprop64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slprt000.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\sltshd64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\sltune00.txt => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\sluapo64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slvipp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\slviq64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viaaud.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb01.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb02.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb03.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb04.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb05.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb06.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb07.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb10.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb11.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb17.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb18.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahdb21.inf => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahduaa.cat => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\viahduaa.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaKaraokeAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaKaraokePropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaKaraokeSrv.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaMicArrayAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\ViaMicArrayPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VIAPropPageExt.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VIASysFx.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMAPO32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMAPO64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\vmfilt64.sys => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMPPCn64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMppld64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMTHX32.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMTHX64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VMWrp64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\VtSrdAPO.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\WavesGUILib64.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEA64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEA64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EED64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EED64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEG64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEG64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEL64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEL64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEP64A.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\Present\Drivers\HDWin764\PCEE4\EEP64H.dll => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDSrv2K3.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDSrv2K3Sp1.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDW2K.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDW2K3x64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDWXPSp1.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDWXPSp2.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\HDBusDrv\HDWXPx64.exe => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\x64\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\Vista64\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\Vista32\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\VIAHDAud\CPLFiles\nt\viahdcpl.cpl => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\DIFXAPI\X86\DIFXAPI.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\Audio_VIA_Win7_8_64_VER60101600\DIFXAPI\X64\DIFXAPI.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\7zS37EE\HPSLPSVC64.DLL => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\4840_24027\crl-set => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\4840_24027\manifest.fingerprint => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\4840_24027\manifest.json => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\3476_15646\crl-set => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\3476_15646\manifest.fingerprint => Moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\3476_15646\manifest.json => Moved successfully.
Could not move "C:\Users\ESMEN\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-06 20:01:42)<=

C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.lck => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\etilqs_bGkgsfrnWyiczec => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\etilqs_vCVhcTjgJ7LVmcw => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies-journal => Is moved successfully.
C:\Users\ESMEN\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

 

[atilla]

i also take 2 error

1-) the drop box stop running and do not start at beginning

2-)eror saving file
c:/windows/ERDNT/autobackup/06.04.2014/system !

continiue with the next file ?
[ RegCreateKeyEx:5-erişim engellendi ]

 

[Juliet]

can you run ComboFix?

)eror saving file
c:/windows/ERDNT/autobackup/06.04.2014/system !

The error from ERUNT is because you have a link in your START UP group for a backup. This gets launched without Admin rights so it fails. You can either modify the shortcut to have Admin rights or remove the shortcut and that should get rid of the error.

 

[atilla]

i run combofix and i also run ernt as adminastator

ComboFix 14-04-06.01 - ESMEN 06.04.2014 20:23:34.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.2493 [GMT 3:00]
Running from: c:\users\ESMEN\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-06 to 2014-04-06 )))))))))))))))))))))))))))))))
.
.
2014-04-06 17:29 . 2014-04-06 17:29 -------- d-----w- c:\users\ESMEN\AppData\Local\temp
2014-04-06 17:29 . 2014-04-06 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-06 17:27 . 2014-04-06 17:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\offreg.dll
2014-04-06 16:28 . 2014-04-06 17:01 -------- d-----w- C:\FRST
2014-04-06 14:21 . 2014-04-06 14:21 -------- d-----w- c:\program files (x86)\ERUNT
2014-04-06 11:03 . 2014-04-06 11:03 43152 ----a-w- c:\windows\avastSS.scr
2014-04-06 11:03 . 2014-04-06 11:03 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-04-06 10:49 . 2014-04-06 10:49 -------- d-----w- c:\windows\jumpshot.com
2014-04-05 16:40 . 2013-09-20 07:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-04-05 16:39 . 2014-04-05 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-05 16:39 . 2014-04-05 16:39 -------- d-----w- c:\users\ESMEN\AppData\Local\Programs
2014-04-04 18:47 . 2014-04-04 18:47 -------- d-----w- c:\program files (x86)\Internet Download Manager
2014-04-04 09:31 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
2014-03-27 16:21 . 2014-03-27 16:21 -------- d-----w- c:\users\ESMEN\AppData\Roaming\The Creative Assembly
2014-03-27 16:04 . 2014-03-27 16:20 -------- d-----w- c:\program files (x86)\Napoleon Total War
2014-03-12 19:35 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 19:35 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 19:35 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 19:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 19:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 11:08 . 2014-04-06 16:59 -------- d-----r- c:\users\ESMEN\Dropbox
2014-03-09 11:06 . 2014-04-06 17:02 -------- d-----w- c:\users\ESMEN\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-06 11:03 . 2014-01-27 22:10 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-06 11:03 . 2014-01-27 22:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-06 11:03 . 2014-01-27 22:10 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-06 11:03 . 2014-01-27 22:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-06 11:03 . 2014-01-27 22:10 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-06 11:03 . 2014-01-27 22:10 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-06 11:03 . 2014-01-27 22:10 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-06 11:03 . 2014-01-27 22:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-06 11:03 . 2014-01-28 14:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-18 16:14 . 2013-12-06 22:46 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-14 07:30 . 2013-12-06 22:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:30 . 2013-12-06 22:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-19 17:09 . 2013-12-07 15:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-02-19 17:09 . 2013-12-07 15:26 14848 ----a-w- c:\windows\system32\slwga.dll
2014-02-19 17:09 . 2013-12-07 15:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-01-30 22:09 . 2014-01-30 22:09 119808 ----a-r- c:\users\ESMEN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-01-09 02:22 . 2014-02-26 12:00 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:13 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-06 16:15]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 11:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-05 5670448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bütün Bağlantıları IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: NameServer = 213.74.0.1,213.74.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{3b625d9c-6e60-4dff-ae0d-c5f64fdd5a59}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002f
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,1e,1d,69,8b,94,af,4f,37,e7,78,f4,b8,ed,25,ea,3d,b1,c4,a6,fb,
f6,e7,c9,49,8a,f5,df,20,48,4c,a6,b4,2b,27,23,07,6b,12,74,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-06 20:30:59
ComboFix-quarantined-files.txt 2014-04-06 17:30
.
Pre-Run: 136.639.127.552 bayt boş
Post-Run: 136.462.843.904 bayt boş
.
- - End Of File - - C7802ADFFE7FF941F810928C7E5B942E
A36C5E4F47E84449FF07ED3517B43A31

 

[Juliet]

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Code box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

FCopy::c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll
FCopy::c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll|c:\windows\SysWOW64\user32.dll

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.


Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

Please post this log when done.

 

[atilla]

-------combofix with CFscript------------
ComboFix 14-04-06.01 - ESMEN 07.04.2014 14:02:16.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.2211 [GMT 3:00]
Running from: c:\users\ESMEN\Downloads\ComboFix.exe
Command switches used :: c:\users\ESMEN\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-07 11:07 . 2014-04-07 11:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-06 17:31 . 2014-04-07 11:07 -------- d-----w- c:\users\ESMEN\AppData\Local\temp
2014-04-06 16:28 . 2014-04-06 17:01 -------- d-----w- C:\FRST
2014-04-06 14:21 . 2014-04-06 14:21 -------- d-----w- c:\program files (x86)\ERUNT
2014-04-06 11:03 . 2014-04-06 11:03 43152 ----a-w- c:\windows\avastSS.scr
2014-04-06 11:03 . 2014-04-06 11:03 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-04-06 10:49 . 2014-04-06 10:49 -------- d-----w- c:\windows\jumpshot.com
2014-04-05 16:40 . 2013-09-20 07:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-04-05 16:39 . 2014-04-05 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-05 16:39 . 2014-04-05 16:39 -------- d-----w- c:\users\ESMEN\AppData\Local\Programs
2014-04-04 18:47 . 2014-04-04 18:47 -------- d-----w- c:\program files (x86)\Internet Download Manager
2014-04-04 09:31 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
2014-03-27 16:21 . 2014-03-27 16:21 -------- d-----w- c:\users\ESMEN\AppData\Roaming\The Creative Assembly
2014-03-27 16:04 . 2014-03-27 16:20 -------- d-----w- c:\program files (x86)\Napoleon Total War
2014-03-12 19:35 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 19:35 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 19:35 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 19:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 19:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 19:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 11:08 . 2014-04-07 10:54 -------- d-----r- c:\users\ESMEN\Dropbox
2014-03-09 11:06 . 2014-04-07 10:54 -------- d-----w- c:\users\ESMEN\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-06 11:03 . 2014-01-27 22:10 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-06 11:03 . 2014-01-27 22:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-06 11:03 . 2014-01-27 22:10 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-06 11:03 . 2014-01-27 22:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-06 11:03 . 2014-01-27 22:10 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-06 11:03 . 2014-01-27 22:10 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-06 11:03 . 2014-01-27 22:10 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-06 11:03 . 2014-01-27 22:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-06 11:03 . 2014-01-28 14:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-18 16:14 . 2013-12-06 22:46 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-14 07:30 . 2013-12-06 22:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:30 . 2013-12-06 22:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-19 17:09 . 2013-12-07 15:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-02-19 17:09 . 2013-12-07 15:26 14848 ----a-w- c:\windows\system32\slwga.dll
2014-02-19 17:09 . 2013-12-07 15:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-01-30 22:09 . 2014-01-30 22:09 119808 ----a-r- c:\users\ESMEN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-01-09 02:22 . 2014-02-26 12:00 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:13 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-06 16:15]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 11:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-05 5670448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bütün Bağlantıları IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: NameServer = 213.74.0.1,213.74.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{3b625d9c-6e60-4dff-ae0d-c5f64fdd5a59}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002f
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,1e,1d,69,8b,94,af,4f,37,e7,78,f4,b8,ed,25,ea,3d,b1,c4,a6,fb,
f6,e7,c9,49,8a,f5,df,20,48,4c,a6,b4,2b,27,23,07,6b,12,74,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-07 14:09:39
ComboFix-quarantined-files.txt 2014-04-07 11:09
ComboFix2.txt 2014-04-06 17:30
.
Pre-Run: 135.884.390.400 bayt boş
Post-Run: 135.811.702.784 bayt boş
.
- - End Of File - - 1C2ECA7FEAC3AB8E16213A012E20BA0F
A36C5E4F47E84449FF07ED3517B43A31

 

[Juliet]

Did you drag the script I created into the ComboFix icon?

The log you posted was from yesterday

ComboFix 14-04-06.01 <--yesterday

ComboFix 14-04-06.01 <-- today

If you did drag it over, how's the computer now?

 

[atilla]

i did cfscript.txt thing as you describe me. it still found the same folder as invisible and i can't find the folder anywhere. if you wish i can do cfscript.txt thing again

 

[Juliet]

i did cfscript.txt thing as you describe me. it still found the same folder as invisible and i can't find the folder anywhere. if you wish i can do cfscript.txt thing again

Before we do that let's try this scanner.


Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application
  
  
  
  
• Then click on Change parameters.
  
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
  
• Click the Start Scan button.
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
• Get the report by selecting Reports
  
  
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.



A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

[Juliet]

Looking back I found this
Running from: c:\users\ESMEN\Downloads\ComboFix.exe
Command switches used :: c:\users\ESMEN\Desktop\CFScript.txt

Need to move ComboFix to desktop or delete the version you have now, re-download and make sure it's saved to desktop, then run the fix I created again

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.