Solved Malware
- Thread starter Andytechhelp
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
- Status
Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.
Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
Please Attach the contents of these logs in your next post for review by our Security Team
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.
- Accept the default whitelist options,
- If the additions.txt options box is not checked please select it.
- Then select Scan
Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
Please Attach the contents of these logs in your next post for review by our Security Team
Step 1: Adware Removal Tool Scan.
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
Click Scan
Hit Ok.
Hit next make sure to leave all items checked, for removal.
Click Next
The Program will close all open programs to complete the removal, so save any work and hit OK.
Then hit OK after the removal process is complete, thenOK again to finish up.
Post log generated by tool.
Step2: Adware Cleaner Scan.
Adware Cleaner
Step 3: FRST Fix.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
Click Scan
Hit Ok.
Hit next make sure to leave all items checked, for removal.
Click Next
The Program will close all open programs to complete the removal, so save any work and hit OK.
Then hit OK after the removal process is complete, thenOK again to finish up.
Post log generated by tool.
Step2: Adware Cleaner Scan.
Adware Cleaner
- Download AdwCleaner and save it to your Desktop
- Right-click on AdwCleaner.exeand select
-
Run as Administrator - Accept the EULA (I accept), then click on Scan Now
- Let the scan complete
- Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
- Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
- Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
- Close all other open windows and allow it to restart
- After the restart, Notepad will open with the AdwCleaner cleaning log
- Please Attach the contents of that log into your next reply to me
Step 3: FRST Fix.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Adware Cleaner log(s): 2nd one probably doesn't fit with that but it was under it once everything was done
Frst Fix log:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-05-2022
Ran by Andy (12-05-2022 22:33:43) Run:1
Running from C:\Users\Andy\OneDrive\Desktop
Loaded Profiles: Andy
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy: HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-502753979-2692203269-1871385629-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Andy\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-502753979-2692203269-1871385629-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Andy\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-502753979-2692203269-1871385629-1001\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andy\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" (No File)
HKU\S-1-5-21-502753979-2692203269-1871385629-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andy\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" (No File)
Task: {028919FF-9193-4610-BBEA-5A1B7C67A527} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-04-20] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {2E51F856-6FA5-428B-BA5B-0789F0E89BB3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-04-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9B38BA80-F650-4CE6-93AD-8DBEDF86C6DB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-04-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9B597209-F8FE-4C0F-966B-8A5C8761BA1F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-04-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A4126A65-322F-4A68-B6EF-1C8F0C06347B} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-04-20] (Nvidia Corporation -> NVIDIA Corporation)
Edge Extension: (AdBlock � best ad blocker) - C:\Users\Andy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-05-10]
S3 equ8_helper; \??\C:\WINDOWS\system32\DRIVERS\equ8_helper.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bit Driver Updater
C:\Users\Andy\Downloads\bitdurtsetup.exe
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10472]
C:\WINDOWS\system32\drivers\etc\hosts
hosts:
File: C:\Users\Andy\system32log.dat
File: C:\Users\Andy\system32log2.dat
VirusTotal: C:\Users\Andy\system32log.dat
VirusTotal: C:\Users\Andy\system32log2.dat
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd: bitsadmin /list /allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
StartBatch:
DISM.exe /Online /Cleanup-Image /StartComponentCleanup
DISM.exe /Online /Cleanup-image /Restorehealth
sc stop sysmain
sc config sysmain start= disabled
sc stop DiagTrack
sc config DiagTrack start= disabled
sc stop dmwappushservice
sc config dmwappushservice start= disabled
del /f /s /q %windir%\prefetch\*.*
del /s /q C:\Windows\SoftwareDistribution\download\*.*
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\temp\*.*"
ipconfig /flushdns
endbatch:
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
*****************
Processes closed successfully.
SystemRestore: On => completed
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoveProxy: SunJavaUpdateSched" => not found
"HKU\S-1-5-21-502753979-2692203269-1871385629-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found
"HKU\S-1-5-21-502753979-2692203269-1871385629-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKU\S-1-5-21-502753979-2692203269-1871385629-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005\amd64" => not found
"HKU\S-1-5-21-502753979-2692203269-1871385629-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{028919FF-9193-4610-BBEA-5A1B7C67A527}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{028919FF-9193-4610-BBEA-5A1B7C67A527}" => removed successfully
C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E51F856-6FA5-428B-BA5B-0789F0E89BB3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E51F856-6FA5-428B-BA5B-0789F0E89BB3}" => removed successfully
C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B38BA80-F650-4CE6-93AD-8DBEDF86C6DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B38BA80-F650-4CE6-93AD-8DBEDF86C6DB}" => removed successfully
C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B597209-F8FE-4C0F-966B-8A5C8761BA1F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B597209-F8FE-4C0F-966B-8A5C8761BA1F}" => removed successfully
C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4126A65-322F-4A68-B6EF-1C8F0C06347B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4126A65-322F-4A68-B6EF-1C8F0C06347B}" => removed successfully
C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removed successfully
Edge Extension: (AdBlock � best ad blocker) - C:\Users\Andy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-05-10] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\equ8_helper => removed successfully
equ8_helper => service removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bit Driver Updater" => not found
C:\Users\Andy\Downloads\bitdurtsetup.exe => moved successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\WINDOWS\system32\drivers\etc\hosts => moved successfully
Hosts restored successfully.
========================= File: C:\Users\Andy\system32log.dat ========================
C:\Users\Andy\system32log.dat
File not signed
MD5: 71226F702CF71E24DE17135096C1C2EA
Creation and modification date: 2021-01-12 03:36 - 2021-01-12 03:36
Size: 000000087
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0
====== End of File: ======
========================= File: C:\Users\Andy\system32log2.dat ========================
C:\Users\Andy\system32log2.dat
File not signed
MD5: BB7546CBB1E58955BDDACB6675904D36
Creation and modification date: 2021-01-12 03:36 - 2021-01-12 03:36
Size: 000000064
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0
====== End of File: ======
VirusTotal: C:\Users\Andy\system32log.dat => https://www.virustotal.com/gui/file/87efc060980049be59047d6c669d09d0f87a5c1aa11cee6b35cb297a14b4a8dd/detection/f-87efc060980049be59047d6c669d09d0f87a5c1aa11cee6b35cb297a14b4a8dd-1652412832
VirusTotal: C:\Users\Andy\system32log2.dat => https://www.virustotal.com/gui/file/afc8f63bd65870d86eb7db3094cfa489f72ddde8761e266d3dda2a5d4d64c03c/detection/f-afc8f63bd65870d86eb7db3094cfa489f72ddde8761e266d3dda2a5d4d64c03c-1652412833
========= net stop bits =========
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
========= End of CMD: =========
"C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db" moved successfully to C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
========= net start bits =========
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.
========= End of CMD: =========
========= bitsadmin /list /allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
Listed 0 job(s).
========= End of CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe /R" =========
Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe /R" =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "C:\Windows\SYSTEM32\lodctr.exe /R" =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "C:\Windows\SysWOW64\lodctr.exe /R" =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= Batch: =========
敄汰祯敭瑮䤠慭敧匠牥楶楣杮愠摮䴠湡条浥湥⁴潴汯敖獲潩㩮ㄠ⸰⸰㤱㐰⸱㐸ഴഊ䤊慭敧嘠牥楳湯›〱〮ㄮ〹㐴ㄮ〷ശഊഊ㵛㴽㴽†††††††††††〱〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽††††††††㤱〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽††††††††〲〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽††††††††〲〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽††††††††〲〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽††††††††〲〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽†††††††㌲㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㈮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔶㜮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔶㠮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔶㤮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔶㤮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶〮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶〮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶ㄮ㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶㈮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶㈮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶㐮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶㔮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶㜮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘶㤮㴥㴽㴽‽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜶㌮㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜶㐮㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜶㜮㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜶㤮㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶ㄮ㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶ㄮ㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶ㄮ㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶ㄮ㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶ㄮ㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶ㄮ㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶ㄮ㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶㈮㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠶㐮㴥㴽㴽㴽†††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽〷㜮㴥㴽㴽㴽㴽††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㈷㘮㴥㴽㴽㴽㴽‽†††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㐷㌮㴥㴽㴽㴽㴽㴽†††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔷㜮㴥㴽㴽㴽㴽㴽†††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜷㘮㴥㴽㴽㴽㴽㴽㴽††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㤷㐮㴥㴽㴽㴽㴽㴽㴽‽†††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄸ㌮㴥㴽㴽㴽㴽㴽㴽㴽†††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㈸㐮㴥㴽㴽㴽㴽㴽㴽㴽†††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㌸㔮㴥㴽㴽㴽㴽㴽㴽㴽‽††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㐸㔮㴥㴽㴽㴽㴽㴽㴽㴽㴽††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔸㐮㴥㴽㴽㴽㴽㴽㴽㴽㴽††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘸㈮㴥㴽㴽㴽㴽㴽㴽㴽㴽††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜸㤮㴥㴽㴽㴽㴽㴽㴽㴽㴽‽†††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠸㠮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽†††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽〹㘮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽‽††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㈹㜮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㌹㤮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㐹㜮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘹㌮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽†崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠹㌮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㤹㠮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄽ〰〮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崽ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄽ〰〮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崽ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄽ〰〮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崽ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄽ〰〮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崽ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄽ〰〮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崽ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄽ〰〮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崽ഠ吊敨漠数慲楴湯挠浯汰瑥摥猠捵散獳畦汬敄汰祯敭瑮䤠慭敧匠牥楶楣杮愠摮䴠湡条浥湥⁴潴汯敖獲潩㩮ㄠ⸰⸰㤱㐰⸱㐸ഴഊ䤊慭敧嘠牥楳湯›〱〮ㄮ〹㐴ㄮ〷ശഊഊ㵛‽††††††††††††⸳┸†††††††††††††崠ഠഊ㵛‽††††††††††††⸴┸†††††††††††††崠ഠഊ㵛㴽††††††††††††⸵┷†††††††††††††崠ഠഊ㵛㴽††††††††††††⸶┷†††††††††††††崠ഠഊ㵛㴽‽†††††††††††⸷┷†††††††††††††崠ഠഊ㵛㴽㴽†††††††††††⸸┷†††††††††††††崠ഠഊ㵛㴽㴽†††††††††††⸹┷†††††††††††††崠ഠഊ㵛㴽㴽‽††††††††††〱㘮‥††††††††††††崠ഠഊ㵛㴽㴽‽††††††††††ㄱ㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽††††††††††㈱㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽††††††††††㌱㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽‽†††††††††㐱㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽†††††††††㔱㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽†††††††††㘱㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽‽††††††††㜱㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽‽††††††††㠱㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽††††††††㤱㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽††††††††〲㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽‽†††††††ㄲ㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽†††††††㈲㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽†††††††㌲㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽‽††††††㐲㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽‽††††††㔲㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽††††††㘲㌮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽††††††㘲㤮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽‽†††††㜲㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽‽†††††㠲㈮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽‽†††††㠲㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽†††††㤲㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽†††††〳㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽‽††††ㄳ㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽‽††††㈳㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽††††㌳㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†††㐳㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†††㔳㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽†††㘳㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽†††㜳㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽††㠳㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽††㤳㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽††〴〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽††〴㤮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽††ㄴㄮ‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†ㄴ㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†ㄴ㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†㈴〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽†㈴㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽†㌴㈮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽†㌴㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽†㐴㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽㔴㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽‽㘴㌮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜴ㄮ‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠴ㄮ‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㤴ㄮ‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽〵〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄵ〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㈵〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㌵〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㐵〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㐵㤮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㈮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㌮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㜮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㤮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㔵㤮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵〮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㈮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㈮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㈮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㌮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㌮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㐮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㔮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㘮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㠮‥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㘵㤮㴥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜵ㄮ㴥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㜵㈮㴥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㠵㈮㴥††††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㤵㈮㴥‽†††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽〶㈮㴥‽†††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㈶㌮㴥㴽‽††††††††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㐸㤮㴥㴽㴽㴽㴽㴽㴽㴽㴽††††崠ഠഊ㵛㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽ㄽ〰〮㴥㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽㴽崽ഠ吊敨爠獥潴敲漠数慲楴湯挠浯汰瑥摥猠捵散獳畦汬桔灯牥瑡潩潣灭敬整畳捣獥晳汵祬മഊ匊剅䥖䕃也䵁㩅猠獹慭湩ഠ †††吠偙⁅†††††††›〳†䥗㍎′ഠ †††匠䅔䕔†††††††›″匠佔彐䕐䑎义⁇††††††††††††††††匨佔偐䉁䕌低彔䅐单䉁䕌䍁䕃呐当䡓呕佄乗ഩ †††圠义㈳䕟䥘彔佃䕄††›‰⠠砰⤰††††䕓噒䍉彅塅呉䍟䑏⁅㨠〠†〨へഩ †††䌠䕈䭃佐义⁔††††›砰ര †††圠䥁彔䥈呎†††††›砰㜲〱卛嵃䌠慨杮卥牥楶散潃普杩匠䍕䕃卓䕓噒䍉彅䅎䕍›楄条牔捡††††奔䕐†††††††㨠ㄠ‰圠义㈳佟乗偟佒䕃卓†††††呓呁⁅††††††㨠㌠†呓偏偟久䥄䝎ഠ †††††††††††††††⠠呓偏䅐䱂ⱅ丠呏偟啁䅓䱂ⱅ䄠䍃偅協偟䕒䡓呕佄乗ഩ †††圠义㈳䕟䥘彔佃䕄††›‰⠠砰⤰††††䕓噒䍉彅塅呉䍟䑏⁅㨠〠†〨へഩ †††䌠䕈䭃佐义⁔††††›砰ള †††圠䥁彔䥈呎†††††›砰ര嬊䍓⁝桃湡敧敓癲捩䍥湯楦啓䍃卅嬊䍓⁝潃瑮潲卬牥楶散䘠䥁䕌⁄〱㈶ഺഊ吊敨猠牥楶散栠獡渠瑯戠敥瑳牡整卛嵃䌠慨杮卥牥楶散潃普杩匠䍕䕃卓Deleted file - C:\WINDOWS\prefetch\512.59-DESKTOP-WIN10-WIN11-64-FCD069D9.pf
Deleted file - C:\WINDOWS\prefetch\ACCOUNTSCONTROLHOST.EXE-53D5987E.pf
Deleted file - C:\WINDOWS\prefetch\ADWARE-REMOVAL-TOOL-BY-TSA.EX-7C7F70C0.pf
Deleted file - C:\WINDOWS\prefetch\ADWARE-REMOVAL-TOOL-BY-TSA.EX-CFEF9DE3.pf
Deleted file - C:\WINDOWS\prefetch\ADWCLEANER.EXE-600FF696.pf
Deleted file - C:\WINDOWS\prefetch\APPLICATIONFRAMEHOST.EXE-8CE9A1EE.pf
Deleted file - C:\WINDOWS\prefetch\AUDIODG.EXE-AB22E9A6.pf
Deleted file - C:\WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-05A8BF9D.pf
Deleted file - C:\WINDOWS\prefetch\BAKKESMOD.EXE-4A8C38C5.pf
Deleted file - C:\WINDOWS\prefetch\BAKKESMODSETUP.TMP-078CC60F.pf
Deleted file - C:\WINDOWS\prefetch\BAKKESMODSETUP.TMP-E91E0FDF.pf
Deleted file - C:\WINDOWS\prefetch\BATTLE.NET-SETUP (1).EXE-AEE4DD82.pf
Deleted file - C:\WINDOWS\prefetch\BATTLE.NET-SETUP.EXE-525CD1A0.pf
Deleted file - C:\WINDOWS\prefetch\BCDEDIT.EXE-FE221428.pf
Deleted file - C:\WINDOWS\prefetch\BESERVICE.EXE-991187A8.pf
Deleted file - C:\WINDOWS\prefetch\BITSADMIN.EXE-61856B04.pf
Deleted file - C:\WINDOWS\prefetch\cadrespri.7db
Deleted file - C:\WINDOWS\prefetch\CALCULATOR.EXE-B4C49869.pf
Deleted file - C:\WINDOWS\prefetch\CHXSMARTSCREEN.EXE-061DFBA0.pf
Deleted file - C:\WINDOWS\prefetch\CMD.EXE-0BD30981.pf
Deleted file - C:\WINDOWS\prefetch\CMD.EXE-6D6290C5.pf
Deleted file - C:\WINDOWS\prefetch\COMPPKGSRV.EXE-4780F0C1.pf
Deleted file - C:\WINDOWS\prefetch\CONHOST.EXE-0C6456FB.pf
Deleted file - C:\WINDOWS\prefetch\CONSENT.EXE-40419367.pf
Deleted file - C:\WINDOWS\prefetch\CPU-Z_2.01-EN.TMP-C1D5F772.pf
Deleted file - C:\WINDOWS\prefetch\CPU-Z_2.01-EN.TMP-DE18A3B6.pf
Deleted file - C:\WINDOWS\prefetch\CPUZ.EXE-4CC3052D.pf
Deleted file - C:\WINDOWS\prefetch\CRASHREPORTCLIENT.EXE-1DCB3EA3.pf
Deleted file - C:\WINDOWS\prefetch\CSCRIPT.EXE-BF1500E5.pf
Deleted file - C:\WINDOWS\prefetch\CSRSS.EXE-F3C368CB.pf
Deleted file - C:\WINDOWS\prefetch\CTFMON.EXE-795F8130.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-322F46F8.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-322F46F9.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-322F46FA.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-322F46FF.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-322F4700.pf
Deleted file - C:\WINDOWS\prefetch\DISCORDHOOKHELPER.EXE-4445BB00.pf
Deleted file - C:\WINDOWS\prefetch\DISCORDHOOKHELPER64.EXE-AFD4BBE2.pf
Deleted file - C:\WINDOWS\prefetch\DISM.EXE-AA0F2086.pf
Deleted file - C:\WINDOWS\prefetch\DISMHOST.EXE-57EA3805.pf
Deleted file - C:\WINDOWS\prefetch\DISMHOST.EXE-89CEE8B4.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-11F2D5CA.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-1BAE06BB.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-2F38F60D.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-47BE07DC.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-6F625E57.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-7617EDA2.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-7D5CE0CA.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-810B6BBE.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-895D23F2.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-95A95592.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-D200FEC3.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-D52C49C5.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-D778F42C.pf
Deleted file - C:\WINDOWS\prefetch\DWM.EXE-314E93C5.pf
Deleted file - C:\WINDOWS\prefetch\DXWSETUP.EXE-CD66B6CA.pf
Deleted file - C:\WINDOWS\prefetch\dynrespri.7db
Deleted file - C:\WINDOWS\prefetch\EPICGAMESLAUNCHER.EXE-018FC121.pf
Deleted file - C:\WINDOWS\prefetch\EPICGAMESLAUNCHER.EXE-FAB85FF0.pf
Deleted file - C:\WINDOWS\prefetch\EPICWEBHELPER.EXE-CFB15551.pf
Deleted file - C:\WINDOWS\prefetch\EPICWEBHELPER.EXE-CFB15552.pf
Deleted file - C:\WINDOWS\prefetch\EPICWEBHELPER.EXE-CFB15558.pf
Deleted file - C:\WINDOWS\prefetch\EQU8-LAUNCHER.EXE-C323D4D2.pf
Deleted file - C:\WINDOWS\prefetch\EXPLORER.EXE-54012F5E.pf
Deleted file - C:\WINDOWS\prefetch\EXPLORER.EXE-D5E97654.pf
Deleted file - C:\WINDOWS\prefetch\FILECOAUTH.EXE-D2E1097B.pf
Deleted file - C:\WINDOWS\prefetch\FILECOAUTH.EXE-FB5DDF02.pf
Deleted file - C:\WINDOWS\prefetch\FILESYNCCONFIG.EXE-1EC6EB05.pf
Deleted file - C:\WINDOWS\prefetch\FONTDRVHOST.EXE-8152304A.pf
Deleted file - C:\WINDOWS\prefetch\FORTNITECLIENT-WIN64-SHIPPING-5C4E2EC0.pf
Deleted file - C:\WINDOWS\prefetch\FORTNITECLIENT-WIN64-SHIPPING-7FD2FDC8.pf
Deleted file - C:\WINDOWS\prefetch\FORTNITECLIENT-WIN64-SHIPPING-F9F3FF7E.pf
Deleted file - C:\WINDOWS\prefetch\FORTNITELAUNCHER.EXE-EE5C219B.pf
Deleted file - C:\WINDOWS\prefetch\FRST64.EXE-3047760D.pf
Deleted file - C:\WINDOWS\prefetch\GAMEBAR.EXE-1169076E.pf
Deleted file - C:\WINDOWS\prefetch\GAMEBARFTSERVER.EXE-0228AAC3.pf
Deleted file - C:\WINDOWS\prefetch\GAMEBARPRESENCEWRITER.EXE-5ADEE7C2.pf
Deleted file - C:\WINDOWS\prefetch\GAMEOVERLAYUI.EXE-BF84A71A.pf
Deleted file - C:\WINDOWS\prefetch\GLDRIVERQUERY.EXE-D4C3F5EA.pf
Deleted file - C:\WINDOWS\prefetch\GLDRIVERQUERY64.EXE-1B3D222C.pf
Deleted file - C:\WINDOWS\prefetch\IDENTITY_HELPER.EXE-07BE8F1D.pf
Deleted file - C:\WINDOWS\prefetch\INSTSPEEDFAN452_1.EXE-8F134020.pf
Deleted file - C:\WINDOWS\prefetch\JAVA.EXE-6C65622A.pf
Deleted file - C:\WINDOWS\prefetch\JAVAW.EXE-15A9514D.pf
Deleted file - C:\WINDOWS\prefetch\LAUNCHERPREREQSETUP_X64.EXE-F838B47C.pf
Deleted file - C:\WINDOWS\prefetch\LODCTR.EXE-21DD01F9.pf
Deleted file - C:\WINDOWS\prefetch\LODCTR.EXE-57DC4D95.pf
Deleted file - C:\WINDOWS\prefetch\LOGONUI.EXE-F639BD7E.pf
Deleted file - C:\WINDOWS\prefetch\LUNARIA.EXE-BC9DEC18.pf
Deleted file - C:\WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-7A595326.pf
Deleted file - C:\WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-F5339112.pf
Deleted file - C:\WINDOWS\prefetch\MICROSOFTEDGEUPDATESETUP_X86_-1AA124BF.pf
Deleted file - C:\WINDOWS\prefetch\MMC.EXE-410C5F73.pf
Deleted file - C:\WINDOWS\prefetch\MOFCOMP.EXE-5225C32D.pf
Deleted file - C:\WINDOWS\prefetch\MOUSOCOREWORKER.EXE-4429AC2B.pf
Deleted file - C:\WINDOWS\prefetch\MPAM-2C16AED0.EXE-98E4E184.pf
Deleted file - C:\WINDOWS\prefetch\MPAM-C88148CA.EXE-77B7FAEA.pf
Deleted file - C:\WINDOWS\prefetch\MPCMDRUN.EXE-2C9109F9.pf
Deleted file - C:\WINDOWS\prefetch\MPCMDRUN.EXE-46BF565F.pf
Deleted file - C:\WINDOWS\prefetch\MPCOPYACCELERATOR.EXE-A86DEE2A.pf
Deleted file - C:\WINDOWS\prefetch\MPSIGSTUB.EXE-A962062C.pf
Deleted file - C:\WINDOWS\prefetch\MPSIGSTUB.EXE-CA188F30.pf
Deleted file - C:\WINDOWS\prefetch\MSCORSVW.EXE-16B291C4.pf
Deleted file - C:\WINDOWS\prefetch\MSCORSVW.EXE-8CE1A322.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9A.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9B.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9C.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9D.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9F.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25FA1.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25FA2.pf
Deleted file - C:\WINDOWS\prefetch\MSIEXEC.EXE-8FFB1633.pf
Deleted file - C:\WINDOWS\prefetch\MSIEXEC.EXE-CDBFC0F7.pf
Deleted file - C:\WINDOWS\prefetch\MSMPENG.EXE-558DCD36.pf
Deleted file - C:\WINDOWS\prefetch\MSMPENG.EXE-9407C20C.pf
Deleted file - C:\WINDOWS\prefetch\NETSH.EXE-A596235F.pf
Deleted file - C:\WINDOWS\prefetch\NGEN.EXE-4A8DA13E.pf
Deleted file - C:\WINDOWS\prefetch\NGEN.EXE-734C6620.pf
Deleted file - C:\WINDOWS\prefetch\NGENTASK.EXE-0E6CEC17.pf
Deleted file - C:\WINDOWS\prefetch\NGENTASK.EXE-849BFD75.pf
Deleted file - C:\WINDOWS\prefetch\NISSRV.EXE-BD5486EA.pf
Deleted file - C:\WINDOWS\prefetch\NOTEPAD.EXE-032BB3D8.pf
Deleted file - C:\WINDOWS\prefetch\NOTEPAD.EXE-C5670914.pf
Deleted file - C:\WINDOWS\prefetch\NOTIFICATION_HELPER.EXE-15FEE25E.pf
Deleted file - C:\WINDOWS\prefetch\NVCONTAINER.EXE-537D289C.pf
Deleted file - C:\WINDOWS\prefetch\NVCPLUI.EXE-1DA94FEE.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA GEFORCE EXPERIENCE.EXE-F3700552.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA GEFORCE EXPERIENCE.EXE-F3700553.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA GEFORCE EXPERIENCE.EXE-F3700554.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA SHARE.EXE-2210BBD2.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA SHARE.EXE-2210BBD3.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA SHARE.EXE-2210BBD4.pf
Deleted file - C:\WINDOWS\prefetch\NVNODEJSLAUNCHER.EXE-41C22A58.pf
Deleted file - C:\WINDOWS\prefetch\NVOAWRAPPERCACHE.EXE-B7EEA55F.pf
Deleted file - C:\WINDOWS\prefetch\NVSPHELPER64.EXE-ED1F6517.pf
Deleted file - C:\WINDOWS\prefetch\OAWRAPPER.EXE-B8908BF7.pf
Deleted file - C:\WINDOWS\prefetch\ONEDRIVE.EXE-55B6199E.pf
Deleted file - C:\WINDOWS\prefetch\ONEDRIVESETUP.EXE-21178AA6.pf
Deleted file - C:\WINDOWS\prefetch\Op-MSEDGE.EXE-37D25F9A-00000001.pf
Deleted file - C:\WINDOWS\prefetch\OPENWITH.EXE-8B50D58B.pf
Deleted file - C:\WINDOWS\prefetch\PfPre_74b579ca.mkd
Deleted file - C:\WINDOWS\prefetch\PfSvPerfStats.bin
Deleted file - C:\WINDOWS\prefetch\PILOTSHUBAPP.EXE-F8497750.pf
Deleted file - C:\WINDOWS\prefetch\PORTALWARS-WIN64-SHIPPING.EXE-50B5EA27.pf
Deleted file - C:\WINDOWS\prefetch\REG.EXE-0AC99A87.pf
Deleted file - C:\WINDOWS\prefetch\ResPriHMStaticDb.ebd
Deleted file - C:\WINDOWS\prefetch\ROCKETLEAGUE.EXE-C5DE6276.pf
Deleted file - C:\WINDOWS\prefetch\RTKAUDUSERVICE64.EXE-78DB00C8.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-0710B17E.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-088B89DD.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-0A41BB3F.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-23A6E65B.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-43691A83.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-6A0EB869.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-743CD83E.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-75313621.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-92AFAED9.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-B067BF56.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-BEA5073A.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-D0BF56CB.pf
Deleted file - C:\WINDOWS\prefetch\RUNEAPPS.ALT1.EXE-08637978.pf
Deleted file - C:\WINDOWS\prefetch\RUNELITE.EXE-CDA615BC.pf
Deleted file - C:\WINDOWS\prefetch\RUNELITESETUP32.TMP-7CAC6003.pf
Deleted file - C:\WINDOWS\prefetch\RUNESCAPE-SETUP.TMP-5075E109.pf
Deleted file - C:\WINDOWS\prefetch\RUNESCAPE-SETUP.TMP-C6213C05.pf
Deleted file - C:\WINDOWS\prefetch\RUNESCAPE.EXE-52CD05EE.pf
Deleted file - C:\WINDOWS\prefetch\RUNESCAPE.EXE-A5EE52A0.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-008667D2.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-1D2E9A85.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-2965C268.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-4551A062.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-52775CFE.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-6B83017D.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-F8AFB262.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHAPP.EXE-63B90849.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHAPP.EXE-E5FB5474.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-44162447.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf
Deleted file - C:\WINDOWS\prefetch\SECHEALTHUI.EXE-930034E1.pf
Deleted file - C:\WINDOWS\prefetch\SECURITYHEALTHSYSTRAY.EXE-E527A4AE.pf
Deleted file - C:\WINDOWS\prefetch\SETTINGSYNCHOST.EXE-0130E42A.pf
Deleted file - C:\WINDOWS\prefetch\SETUP.EXE-0AD203E0.pf
Deleted file - C:\WINDOWS\prefetch\SETUP.EXE-EBDE4589.pf
Deleted file - C:\WINDOWS\prefetch\SGRMBROKER.EXE-32481FEB.pf
Deleted file - C:\WINDOWS\prefetch\SHAREX-13.7.0-SETUP.TMP-47D31725.pf
Deleted file - C:\WINDOWS\prefetch\SHAREX-13.7.0-SETUP.TMP-B63E7825.pf
Deleted file - C:\WINDOWS\prefetch\SHAREX.EXE-B92B1511.pf
Deleted file - C:\WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-4CC9062B.pf
Deleted file - C:\WINDOWS\prefetch\SIHCLIENT.EXE-98C47F6C.pf
Deleted file - C:\WINDOWS\prefetch\SIHOST.EXE-115B507F.pf
Deleted file - C:\WINDOWS\prefetch\SMARTSCREEN.EXE-EACC1250.pf
Deleted file - C:\WINDOWS\prefetch\SMSS.EXE-B5B810DB.pf
Deleted file - C:\WINDOWS\prefetch\SPECCY64.EXE-D1F9E5DB.pf
Deleted file - C:\WINDOWS\prefetch\SPEEDFAN.EXE-385DF2DA.pf
Deleted file - C:\WINDOWS\prefetch\SPLITGATE.EXE-21C59109.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-D2C31C62.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-D2C31C64.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-D2C31C69.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-D2C31C6A.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFYSETUP.EXE-75BEBFB0.pf
Deleted file - C:\WINDOWS\prefetch\SPPSVC.EXE-96070FE0.pf
Deleted file - C:\WINDOWS\prefetch\SPSETUP132.EXE-37C95A9F.pf
Deleted file - C:\WINDOWS\prefetch\SPWEBINST0.EXE-349F5EF7.pf
Deleted file - C:\WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-DF593AF9.pf
Deleted file - C:\WINDOWS\prefetch\STEAM.EXE-D936A6F2.pf
Deleted file - C:\WINDOWS\prefetch\STEAMSERVICE.EXE-2A912AE7.pf
Deleted file - C:\WINDOWS\prefetch\STEAMSERVICETMP.EXE-C6E7D42C.pf
Deleted file - C:\WINDOWS\prefetch\STEAMSETUP.EXE-68B94D54.pf
Deleted file - C:\WINDOWS\prefetch\STEAMWEBHELPER.EXE-D4733806.pf
Deleted file - C:\WINDOWS\prefetch\STEAMWEBHELPER.EXE-D4733807.pf
Deleted file - C:\WINDOWS\prefetch\STEAMWEBHELPER.EXE-D4733808.pf
Deleted file - C:\WINDOWS\prefetch\STEAMWEBHELPER.EXE-D473380D.pf
Deleted file - C:\WINDOWS\prefetch\STEAMWEBHELPER.EXE-D473380E.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-117C4441.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-12266D0E.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-19B557B1.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-3D497EFC.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-4B98D760.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-4D0E9C8C.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-59780EBF.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-59D511F9.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-6493017E.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-6A4A44E7.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-73D024B2.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-764FA25C.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-7CA96BCB.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-852EC587.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-8CE690C0.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-952637C2.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-9A28EB78.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-9D041ABC.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-A79A44A2.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-BE3D0421.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C2DA4F6F.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C38EF8DD.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C4B64CAF.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C625B657.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C696140F.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-D5481872.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-D8C907E1.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-DDF1360E.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-EBBF67E6.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-F952D9A9.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-FA38241C.pf
Deleted file - C:\WINDOWS\prefetch\SYSTEMSETTINGS.EXE-BE0858C5.pf
Deleted file - C:\WINDOWS\prefetch\SYSTEMSETTINGSBROKER.EXE-15DEA84E.pf
Deleted file - C:\WINDOWS\prefetch\SYSTEMSETTINGSBROKER.EXE-8BBE2894.pf
Deleted file - C:\WINDOWS\prefetch\TASKHOSTW.EXE-2E5D4B75.pf
Deleted file - C:\WINDOWS\prefetch\TASKKILL.EXE-BE180FC8.pf
Deleted file - C:\WINDOWS\prefetch\TASKMGR.EXE-4C8500BA.pf
Deleted file - C:\WINDOWS\prefetch\TEXTINPUTHOST.EXE-58D1C3A3.pf
Deleted file - C:\WINDOWS\prefetch\TIWORKER.EXE-4A8D0A39.pf
Deleted file - C:\WINDOWS\prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf
Deleted file - C:\WINDOWS\prefetch\UNPACK200.EXE-73C85D54.pf
Deleted file - C:\WINDOWS\prefetch\UPDATE.EXE-6D39563B.pf
Deleted file - C:\WINDOWS\prefetch\VCREDIST_X64.EXE-5D7451C9.pf
Deleted file - C:\WINDOWS\prefetch\VCREDIST_X86.EXE-4F04A94D.pf
Deleted file - C:\WINDOWS\prefetch\VC_REDIST.X64.EXE-D6B7FF2C.pf
Deleted file - C:\WINDOWS\prefetch\VC_REDIST.X64.EXE-E6325979.pf
Deleted file - C:\WINDOWS\prefetch\VC_REDIST.X64.EXE-F52A0AF8.pf
Deleted file - C:\WINDOWS\prefetch\VC_REDIST.X86.EXE-5AB6D967.pf
Deleted file - C:\WINDOWS\prefetch\VC_REDIST.X86.EXE-6FA79240.pf
Deleted file - C:\WINDOWS\prefetch\VC_REDIST.X86.EXE-E6BA627C.pf
Deleted file - C:\WINDOWS\prefetch\VSSVC.EXE-6C8F0C66.pf
Deleted file - C:\WINDOWS\prefetch\VULKANDRIVERQUERY.EXE-2CBBE840.pf
Deleted file - C:\WINDOWS\prefetch\VULKANDRIVERQUERY64.EXE-A4F35522.pf
Deleted file - C:\WINDOWS\prefetch\WERFAULT.EXE-155C56CF.pf
Deleted file - C:\WINDOWS\prefetch\WEVTUTIL.EXE-1E154F39.pf
Deleted file - C:\WINDOWS\prefetch\WINLOGON.EXE-DEDDC9B6.pf
Deleted file - C:\WINDOWS\prefetch\WINSAT.EXE-C345C80B.pf
Deleted file - C:\WINDOWS\prefetch\WINSTORE.APP.EXE-59F59F0F.pf
Deleted file - C:\WINDOWS\prefetch\WLRMDR.EXE-A7C36FDD.pf
Deleted file - C:\WINDOWS\prefetch\WMIADAP.EXE-BB21CD77.pf
Deleted file - C:\WINDOWS\prefetch\WMIPRVSE.EXE-E8B8DD29.pf
Deleted file - C:\WINDOWS\prefetch\WWAHOST.EXE-2CFA09D4.pf
Deleted file - C:\WINDOWS\prefetch\X64LAUNCHER.EXE-D0A4D235.pf
Deleted file - C:\WINDOWS\prefetch\ZAROS.EXE-FFE2E596.pf
Deleted file - C:\Windows\SoftwareDistribution\download\215fcdaf07e431fbde63f0b6b09c7908\c26aae5a-4a6e-4a6c-8efa-ec4f63238c76.AggregatedMetadata.cab
Deleted file - C:\Windows\SoftwareDistribution\download\215fcdaf07e431fbde63f0b6b09c7908\DesktopDeployment.cab
Deleted file - C:\Windows\SoftwareDistribution\download\6e4d6ac7216286d3c4de591faf916e37\compdb.xml.cab
Deleted file - C:\Windows\SoftwareDistribution\download\6e4d6ac7216286d3c4de591faf916e37\ExeUpdateAgentDeployment.cab
Deleted file - C:\Users\Andy\AppData\Local\temp\.ses
Deleted file - C:\Users\Andy\AppData\Local\temp\bmupdate.zip
Deleted file - C:\Users\Andy\AppData\Local\temp\codeint2799
Deleted file - C:\Users\Andy\AppData\Local\temp\cv_debug.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_amd64_20220511001531.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_amd64_20220511001531_000_vcRuntimeMinimum_x64.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_amd64_20220511001531_001_vcRuntimeAdditional_x64.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_amd64_20220511003005.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_x86_20220511001529.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_x86_20220511001529_000_vcRuntimeMinimum_x86.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_x86_20220511001529_001_vcRuntimeAdditional_x86.log
Deleted file - C:\Users\Andy\AppData\Local\temp\dd_vcredist_x86_20220511003004.log
Deleted file - C:\Users\Andy\AppData\Local\temp\DO1C84.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\ecache.bin
Deleted file - C:\Users\Andy\AppData\Local\temp\injectorlog.log
Deleted file - C:\Users\Andy\AppData\Local\temp\JavaDeployReg.log
Deleted file - C:\Users\Andy\AppData\Local\temp\jusched.log
Deleted file - C:\Users\Andy\AppData\Local\temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20220511_003001713-MSI_vc_red.msi.txt
Deleted file - C:\Users\Andy\AppData\Local\temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20220511_003001713.html
Deleted file - C:\Users\Andy\AppData\Local\temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20220511_002957184-MSI_vc_red.msi.txt
Deleted file - C:\Users\Andy\AppData\Local\temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20220511_002957184.html
Deleted file - C:\Users\Andy\AppData\Local\temp\MicrosoftEdgeUpdate.log
Deleted file - C:\Users\Andy\AppData\Local\temp\msedge_installer.log
Deleted file - C:\Users\Andy\AppData\Local\temp\NvTelemetryAPI64.dll.16.15.2.0{31A487DA-4102-49F6-B46F-D43DF5956B09}
Deleted file - C:\Users\Andy\AppData\Local\temp\sfamcc00001.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\sfareca00001.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\SFCDDCF.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\sfextra.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\SquirrelSetup.log
Deleted file - C:\Users\Andy\AppData\Local\temp\StructuredQuery.log
Deleted file - C:\Users\Andy\AppData\Local\temp\wct25CD.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wct7C9B.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wct7FDE.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wct7FDF.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wct8493.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wct9327.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wctAC42.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wctCDF6.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wctD4E8.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wctDA99.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\wmsetup.log
Deleted file - C:\Users\Andy\AppData\Local\temp\chrome_drag2816_1333817033\image0.jpeg
Deleted file - C:\Users\Andy\AppData\Local\temp\chrome_drag2816_619167884\image1.jpeg
Deleted file - C:\Users\Andy\AppData\Local\temp\jna-2045346\jna4502859424923287205.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\jna-2045346\jna4502859424923287205.dll.x
Deleted file - C:\Users\Andy\AppData\Local\temp\jna-2045346\jna4753613158775790920.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\jna-2045346\jna4753613158775790920.dll.x
Deleted file - C:\Users\Andy\AppData\Local\temp\jogamp_0000\file_cache\jln6544171860910248569.lck
Deleted file - C:\Users\Andy\AppData\Local\temp\jogamp_0000\file_cache\jln6544171860910248569.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\jogamp_0000\file_cache\jln6544171860910248569\jln3208078838502352402.tmp
Deleted file - C:\Users\Andy\AppData\Local\temp\jogamp_0000\file_cache\jln6544171860910248569\jln3208078838502352402\natives\windows-i586\gluegen_rt.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\jogamp_0000\file_cache\jln6544171860910248569\jln3208078838502352402\natives\windows-i586\jogl_desktop.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\jogamp_0000\file_cache\jln6544171860910248569\jln3208078838502352402\natives\windows-i586\nativewindow_awt.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\jogamp_0000\file_cache\jln6544171860910248569\jln3208078838502352402\natives\windows-i586\nativewindow_win32.dll
Deleted file - C:\Users\Andy\AppData\Local\temp\NvTelemetry_WD\events.dat
Deleted file - C:\Users\Andy\AppData\Local\temp\NvTelemetry_WD\NvTelemetry.log
Deleted file - C:\Users\Andy\AppData\Local\temp\NvTelemetry_WD\telemetry_switch.ini
楗摮睯偉䌠湯楦畧慲楴湯畓捣獥晳汵祬映畬桳摥琠敨䐠华删獥汯敶慃档
The system cannot find the path specified.
========= End of Batch: =========
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpCopyAccelerator.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\WER9E8A.tmp => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== "C:\WINDOWS\system32\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\system32\*.tmp" ========
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
=========== EmptyTemp: ==========
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28671825 B
Java, Flash, Steam htmlcache => 51816801 B
Windows/system/drivers => 11316 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 8805534 B
Andy => 11166771 B
RecycleBin => 14679035080 B
EmptyTemp: => 13.8 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:37:00 ====
Last edited by a moderator:
Can you tell me how the machine is running now please.
Step1:
ZHP cleaner Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.
Step 2:
ZHP Diag Scan Click here to download.
Save to your desktop.
Right Click Run as Admin.
Click the Options button.
Click on Check All
Then click close.
Click the Scanner button.
When complete please push the report button.
A notepad will open... attach the report in your next reply.
Step1:
ZHP cleaner Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.
Step 2:
ZHP Diag Scan Click here to download.
Save to your desktop.
Right Click Run as Admin.
Click the Options button.
Click on Check All
Then click close.
Click the Scanner button.
When complete please push the report button.
A notepad will open... attach the report in your next reply.
My PC is acting the same, still having the same issue as in the other thread after the ZHP stuff.
I’ll have a look at zhp logs when I get off work today.
Disable windows 10 spyware with O&O software, this can chew up bandwidth as microsoft is constantly uploading various data from your machine.
Disable windows update, and only enable it once a week to update on your terms not whenever microsoft feels you need an update.
Uninstall Useless to you windows apps with O&O App buster.
Security Check Scan.
Disable windows 10 spyware with O&O software, this can chew up bandwidth as microsoft is constantly uploading various data from your machine.
Disable windows update, and only enable it once a week to update on your terms not whenever microsoft feels you need an update.
Uninstall Useless to you windows apps with O&O App buster.
Security Check Scan.
- Download Security Check to your desktop.
- Right click it run as administrator.
- When the program completes, the tool will automatically open a log file.
- Please Copy and paste that log here in your next post
Last edited:
Couldn't find out where to disable Windows 10 Spyware on the O&O Software, and I couldn't find out how to enable updates once a week with the Windows updater thing. But here is the security check scan:
SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 13.05.2022 16:33:27
Path starting: C:\Users\Andy\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Andy
VersionXML: 9.77is-10.05.2022
___________________________________________________________________________
Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0409)
Installation date OS: 11.05.2022 04:24:30
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [150.8 Gb] Free: [314.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
NVIDIA GeForce Experience 3.25.1.27 v.3.25.1.27
Steam v.2.10.91.91
Epic Games Launcher v.1.3.23.0
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.077.0410.0007
------------------------------- [ Imaging ] -------------------------------
ShareX v.13.7.0
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 333 (64-bit) v.8.0.3330.2
-------------------------------- [ Media ] --------------------------------
Spotify v.1.1.85.895.g2a71e1b8 [+]
------------------------------- [ Browser ] -------------------------------
Microsoft Edge v.101.0.1210.39
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe v.4.18.2203.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------
SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 13.05.2022 16:33:27
Path starting: C:\Users\Andy\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Andy
VersionXML: 9.77is-10.05.2022
___________________________________________________________________________
Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0409)
Installation date OS: 11.05.2022 04:24:30
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [150.8 Gb] Free: [314.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
NVIDIA GeForce Experience 3.25.1.27 v.3.25.1.27
Steam v.2.10.91.91
Epic Games Launcher v.1.3.23.0
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.077.0410.0007
------------------------------- [ Imaging ] -------------------------------
ShareX v.13.7.0
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 333 (64-bit) v.8.0.3330.2
-------------------------------- [ Media ] --------------------------------
Spotify v.1.1.85.895.g2a71e1b8 [+]
------------------------------- [ Browser ] -------------------------------
Microsoft Edge v.101.0.1210.39
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe v.4.18.2203.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------
Last edited by a moderator:
What ever options are listed to disable are considered spyware, so disabling all of them is pretty much standard for any machine that I am paid to work on.
It only give the option to disable or enable windows update, I am suggesting that you disable, and then re enable on your own with the tool when you are ready to update.
I am not seeing any malware on your machine, but this tool will be the last thing I suggest before I send you on your way.
I suggest a full scan with Kaspersky.
Disable Defender .....
Then download and unzip KillemAll to your desktop, double click the tool when on desktop, then hit enter twice, this will kill all non microsoft programs so it will free up resources to run the virus scan.
Download and run a full scan with the Kaspersky Virus Removal tool.
Accept the terms.
Click Change Parameters.
Select the System drive.
All volumes.
Click OK, start Scan.
Used the Kaspersky, had 0 issues with that as well. Think I'm good as far as malware is concerned, still having the same issue as in the other thread, thanks for the help though : )
This tool takes a couple hours to scan a machine. But I' ll close this and mark as solved.
- Status