
prework (2nd computer)

Discussion in 'Virus, Spyware and Malware Removal Help' started by Cristoff, May 28, 2015.

  1. Cristoff

    Cristoff Active Member iHF Regular WCG Team Member

    Same as other PC, just slowness and some download issues... Dell Inspiron 2330, Windows 8, x64 bit, i7 quad core
     


  2. Belahzur

    Belahzur Freedom Fighter Moderator iHF Regular Security Advisor

    I do see some malware in there.

    Please download and run this tool.

    Download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.


    Post the contents of the MBAM Log.
     
  3. Cristoff

    Cristoff Active Member iHF Regular WCG Team Member

    I hope I did it right

    Posting for better visibility ~DCiAdmin

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/28/2015
    Scan Time: 3:47:12 PM
    Logfile: malwarebytes.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.03.09.05
    Rootkit Database: v2015.05.24.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: NameHere_000

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 348847
    Time Elapsed: 8 min, 56 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.WebShield.A, C:\Users\NameHere_000\AppData\Local\WebShield, Quarantined, [1a5f261dafdb50e60ef9f1e3cb38fb05],

    Files: 1
    PUP.Optional.WebShield.A, C:\Users\NameHere_000\AppData\Local\WebShield\data2.dat, Quarantined, [1a5f261dafdb50e60ef9f1e3cb38fb05],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     


    Last edited by a moderator: May 28, 2015
  4. Pancake

    Pancake To Protect and Serve Moderator iHF Master Craftsman Security Advisor

    How are things running now? Any better?
     
  5. Cameldung

    Cameldung I Like It Here iHF Veteran Advisor WCG Team Member

    Not qualified to butt in here, looking at the logfile. Suggest when using Malwarebytes it would be advisable to select "scan for rootkits" which is disabled by default.

     
    driver_ian, veeg and DCiAdmin like this.
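
The check suggested in the post above (spotting "Rootkits: Disabled" in the logfile) can be done mechanically. The following Python sketch is an added example, not part of the original thread and not Malwarebytes code: it parses the log format posted earlier, flags disabled scan options and protections, and compares the database dates with the scan date. It assumes the database version strings encode a date as vYYYY.MM.DD.NN; the function names and the 7-day threshold are illustrative.

```python
import re
from datetime import date, datetime

# Abridged from the Malwarebytes log posted earlier in this thread.
SAMPLE_LOG = r"""
Scan Date: 5/28/2015
Malware Database: v2015.03.09.05
Rootkit Database: v2015.05.24.01
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

Scan Type: Threat Scan
Result: Completed

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Folders: 1
PUP.Optional.WebShield.A, C:\Users\NameHere_000\AppData\Local\WebShield, Quarantined, [1a5f261dafdb50e60ef9f1e3cb38fb05],

Files: 1
PUP.Optional.WebShield.A, C:\Users\NameHere_000\AppData\Local\WebShield\data2.dat, Quarantined, [1a5f261dafdb50e60ef9f1e3cb38fb05],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

CATEGORIES = {"Processes", "Modules", "Registry Keys", "Registry Values",
              "Registry Data", "Folders", "Files", "Physical Sectors"}
SCAN_OPTIONS = ("Memory", "Startup", "Filesystem", "Archives",
                "Rootkits", "Heuristics", "PUP", "PUM")
PROTECTION = ("Malware Protection", "Malicious Website Protection",
              "Self-protection")

KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z \-]*?):\s*(.*)$")
# Detection line: name, location, action, [id],
DETECTION = re.compile(r"^(?P<name>[^,]+),\s*(?P<path>.+),\s*"
                       r"(?P<action>[^,\[]+),\s*\[(?P<id>[0-9a-f]+)\],?\s*$")


def parse_mbam_log(text):
    """Split a log into header fields, per-category counts and detections."""
    log = {"fields": {}, "counts": {}, "detections": []}
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank, "(No malicious...)", "(end)"
            continue
        hit = DETECTION.match(line)
        if hit and category:
            entry = {k: v.strip() for k, v in hit.groupdict().items()}
            log["detections"].append({"category": category, **entry})
            continue
        kv = KEY_VALUE.match(line)
        if not kv:
            continue
        key, value = kv.group(1), kv.group(2).strip()
        if key in CATEGORIES and value.isdigit():
            category = key                      # following lines belong to it
            log["counts"][key] = int(value)
        else:
            log["fields"][key] = value
    return log


def database_date(version):
    """Assumption: version strings look like vYYYY.MM.DD.NN."""
    m = re.match(r"v(\d{4})\.(\d{2})\.(\d{2})\.\d+$", version)
    return date(int(m[1]), int(m[2]), int(m[3])) if m else None


def review(log, max_db_age_days=7):
    """Return human-readable findings about how the scan was configured."""
    findings = []
    fields = log["fields"]
    for name in SCAN_OPTIONS + PROTECTION:
        if fields.get(name) == "Disabled":
            findings.append(f"{name}: Disabled")
    if "Scan Date" in fields:
        scan_day = datetime.strptime(fields["Scan Date"], "%m/%d/%Y").date()
        for name in ("Malware Database", "Rootkit Database"):
            db_day = database_date(fields.get(name, ""))
            if db_day and (scan_day - db_day).days > max_db_age_days:
                age = (scan_day - db_day).days
                findings.append(f"{name} was {age} days older than the scan date")
    expected = sum(log["counts"].values())
    if expected != len(log["detections"]):      # e.g. a truncated paste
        findings.append(f"log reports {expected} detections but "
                        f"{len(log['detections'])} were parsed")
    return findings


if __name__ == "__main__":
    for finding in review(parse_mbam_log(SAMPLE_LOG)):
        print(finding)
```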
  6. Cristoff

    Cristoff Active Member iHF Regular WCG Team Member

    I clicked on that...do I need to run another scan now or just let it happen when the next scheduled scan runs?
     
  7. Pancake

    Pancake To Protect and Serve Moderator iHF Master Craftsman Security Advisor

    Let's do one last scan to confirm all is well.

    I'd like you to scan your machine with ESET OnlineScan

    (1) Click on the following link to open ESET OnlineScan in a new window. http://eset.com/onlinescan
    (2) Click the ESET OnlineScanner button.


    Click on to download the ESET Smart Installer. Save it to your desktop.
    Double click on the ESET Smart Installer icon on your desktop.

    Click the Start button.
    Accept any security warnings from your browser.
    Check Scan Archives
    Click the Start button.
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, push List of found threats
    Click Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Click the Back button.
    Click Finish
     
  8. Cameldung

    Cameldung I Like It Here iHF Veteran Advisor WCG Team Member

    Your logfile showed it was deselected; have it selected for any future scans unless told otherwise. Leave you in the hands of the experts.
     
  9. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Download Rogue Killer and save it to your Desktop, you will need the version compatible with your machine.

    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.





    Please download and save FRST 64bit or FRST 32 bit to your Desktop.


    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  10. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    From the looks of it from your logs, you have followed this thread.
    http://ihelpforum.com/threads/slow-computer.47752/

    Please provide all the logs from the tools that you have run. I see:

    hitmanpro37.sys
    MWAVSCAN.
    zoek-delete.exe
    adware.rtf
    JRT
    ADware Cleaner

    What other tools have you run?

    I would like you to run this tool as well. Reason Core Security
    Install the program and run a Full Scan, then remove any infections found. This is a free program as well. It will run alongside your current antivirus with no issues.

     
  11. Cristoff

    Cristoff Active Member iHF Regular WCG Team Member

    ty everyone here is the eset log

    I think this is everything

    and this

    Code:
    HitmanPro 3.7.9.241
    www.hitmanpro.com
    
       Computer name . . . . : WINDOWS-K3T24CV
       Windows . . . . . . . : 6.2.0.9200.X64/8
       User name . . . . . . : WINDOWS-K3T24CV\kgave_000
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (30 days left)
    
       Scan date . . . . . . : 2015-05-28 10:55:30
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 2m 59s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : Yes
    
       Threats . . . . . . . : 4
       Traces  . . . . . . . : 62
    
       Objects scanned . . . : 1,800,019
       Files scanned . . . . : 49,428
       Remnants scanned  . . : 393,379 files / 1,357,212 keys
    
    Malware _____________________________________________________________________
    
       C:\ProgramData\cxAKuEt\dat\ivwmoUr.dll -> PendingDelete
          Size . . . . . . . : 1,240,568 bytes
          Age  . . . . . . . : 0.0 days (2015-05-28 10:37:48)
          Entropy  . . . . . : 8.0
          SHA-256  . . . . . : BC6C40FE10AF1CA738A2EC483FD4E78984BDF5D60830B812D678CD447644CD7B
          Version  . . . . . : 1.0.0.1
          Copyright  . . . . : Copyright (C) 2014
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
        > Bitdefender  . . . : Adware.PullUpdate.T
          Fuzzy  . . . . . . : 104.0
          Forensic Cluster
             -21.0s C:\Windows\Prefetch\DLLHOST.EXE-E6E6216F.pf
              0.0s C:\ProgramData\cxAKuEt\dat\ivwmoUr.dll
              0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe
              0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe.config
              0.0s C:\ProgramData\cxAKuEt\dat\YXzxxkT.dll
              0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe
              0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe.config
              0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\
              0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\doomed\
              0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\
              0.7s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\webapps\webapps.json
              1.0s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\VDyPuhkU.exe.log
              1.1s C:\Windows\Prefetch\VDYPUHKU.EXE-00B709ED.pf
              3.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12447ed8155a2d36740fe56071906c00_c2eb18e8-a707-49c2-be16-8ccf431d7109
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.cache
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.sbstore
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.cache
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.sbstore
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.cache
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.sbstore
              7.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.sbstore
              7.4s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.cache
              7.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.sbstore
              7.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.cache
              7.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.sbstore
              8.0s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.cache
              8.5s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\prefs.js.old
              8.6s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\xulstore.json
             11.4s C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
    
       C:\ProgramData\cxAKuEt\dat\YXzxxkT.dll -> PendingDelete
          Size . . . . . . . : 1,455,096 bytes
          Age  . . . . . . . : 0.0 days (2015-05-28 10:37:48)
          Entropy  . . . . . : 8.0
          SHA-256  . . . . . : 1DB630F8E37D11A63403B033BC65970038DF7D91610A236A9F81BFF48D91012D
          Version  . . . . . : 1.0.0.1
          Copyright  . . . . : Copyright (C) 2014
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
        > Bitdefender  . . . : Adware.PullUpdate.T
        > Kaspersky  . . . . : not-a-virus:AdWare.Win64.Agent.y
          Fuzzy  . . . . . . : 104.0
          Forensic Cluster
             -21.0s C:\Windows\Prefetch\DLLHOST.EXE-E6E6216F.pf
             -0.0s C:\ProgramData\cxAKuEt\dat\ivwmoUr.dll
             -0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe
              0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe.config
              0.0s C:\ProgramData\cxAKuEt\dat\YXzxxkT.dll
              0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe
              0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe.config
              0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\
              0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\doomed\
              0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\
              0.7s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\webapps\webapps.json
              1.0s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\VDyPuhkU.exe.log
              1.0s C:\Windows\Prefetch\VDYPUHKU.EXE-00B709ED.pf
              3.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12447ed8155a2d36740fe56071906c00_c2eb18e8-a707-49c2-be16-8ccf431d7109
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.cache
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.sbstore
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.cache
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.sbstore
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.cache
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.pset
              7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.sbstore
              7.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.sbstore
              7.4s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.cache
              7.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.sbstore
              7.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.cache
              7.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.sbstore
              8.0s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.cache
              8.4s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\prefs.js.old
              8.6s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\xulstore.json
              8.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F1B5C3EDE100D4A38A0A28F1CEF6FAEFB619EC1B
              8.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\929BCF811537CE5A1B05BC367E7D5FCD9D1512C2
             11.4s C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
    
       C:\Users\kgave_000\Downloads\ChromeSetup(1).exe -> Quarantined
          Size . . . . . . . : 550,928 bytes
          Age  . . . . . . . : 0.1 days (2015-05-28 09:41:56)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : BCE0A49E22A2DBC5BE34A39FDE3806AB4A5C6F5D1BFC778DC5764BBC01C90AC2
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
        > Bitdefender  . . . : Application.Bundler.SoftPulse.P
          Fuzzy  . . . . . . : 113.0
    
       C:\Users\kgave_000\Downloads\Fun_Games.exe -> Deleted
          Size . . . . . . . : 1,255,600 bytes
          Age  . . . . . . . : 261.5 days (2014-09-08 22:54:43)
          Entropy  . . . . . : 7.7
          SHA-256  . . . . . : C695F1445C5B3F4227B54288A72ECF31C1035CE1B6B117EF8B55415668DCF6D1
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
        > Bitdefender  . . . : Gen:Variant.Application.Bundler.SoftPulse.8
        > Kaspersky  . . . . : not-a-virus:AdWare.Win32.SoftPulse.p
          Fuzzy  . . . . . . : 107.0
    
    
    Suspicious files ____________________________________________________________
    
       C:\Users\kgave_000\Desktop\FRST.exe
          Size . . . . . . . : 1,115,648 bytes
          Age  . . . . . . . : 134.9 days (2015-01-13 12:13:46)
          Entropy  . . . . . : 8.0
          SHA-256  . . . . . : FAF5179C2772F9F1CD61CF2E85BDCA567B5C776C404D0EFF5B1A0EEB82B71411
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 22.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    
       C:\windows\mod_frst.exe
          Size . . . . . . . : 430,080 bytes
          Age  . . . . . . . : 139.5 days (2015-01-08 23:57:36)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 1A4F003A36F73127419BE7611A2C5664524EF0D5668AB2993D5D483DCF3491F2
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 24.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    
    
    Potential Unwanted Programs _________________________________________________
    
    
    Cookies _____________________________________________________________________
    
       C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
    
    
    
    I have another thread going (prework) about my other computer...should I download Reason Core to it as well?

    Somehow missed doing this one...

    RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : kgave_000 [Administrator]
    Started from : C:\Users\kgave_000\Downloads\RogueKillerX64.exe
    Mode : Delete -- Date : 05/30/2015 04:25:30

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 14 ¤¤¤
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.dell.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.dell.com -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] $McRebootA5E6DEAA56$.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [LNK@] C:\Windows\System32\cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk" -> Deleted

    ¤¤¤ Hosts File : 35 ¤¤¤
    [C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
    --- User ---
    [MBR] 205c2167109ad866a9683059cdc6e6d5
    [BSP] 4c044e36c61bcb814ca369b167b49c8a : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 2048 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 4196352 | Size: 500 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 5220352 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 5482496 | Size: 1897237 MB
    4 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 3891023872 | Size: 7814 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_05302015_035535.log
     


    Last edited by a moderator: May 30, 2015
  12. Pancake

    Pancake To Protect and Serve Moderator iHF Master Craftsman Security Advisor

    I will bow out and let Mal continue with the cleanup. :mrgreen:
     
  13. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Can you please post a new FRST log after you have run a full scan with Reason Core Security and 9-Lab and removed all threats found by each? When you re-run FRST, make sure to tick Addition.txt.

    Also disable useless startup items with CCleaner; you have it installed.

    [​IMG]

    Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

    [​IMG]

    Now that you have disabled those unneeded startup items, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

    To do this:
    • Hit Options.
    • Settings.
    • Place a tick to run CCleaner when the computer starts.


    [​IMG]

    Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.

    [​IMG]

    Reboot your machine and then follow the instructions below.


    9-Lab Scan

    Download 9-Lab Removal Tool from one of the links below.

    CLICK HERE to determine whether you're running 32-bit or 64-bit Windows.

    Install the program onto your computer, then right-click the icon [IMG] and run as administrator.

    Go to the Update tab and update the program.

    [​IMG]

    Now go to the scanner tab and select Full Scan.

    [​IMG]

    Upon scan completion, click Show Results.

    [​IMG]

    Now click the Clean button.

    [​IMG]

    Once done cleaning, you can go to the Logs tab, double-click the log, and copy and paste it in your next reply.
     
  14. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Run a full scan with Zemana antimalware.
    http://www.zemana.us/product/zemana-antimalware/default.aspx
    Install and select deep scan.
    [​IMG]
    Remove any infections found.
    Then click on the icon in the pic below.
    [​IMG]
    Double click on the scan log, copy and paste here in your reply.

    Download and save ZHP Cleaner to your desktop.
    http://www.nicolascoolman.fr/download/zhpcleaner-2/
    Right Click and run as administrator.
    Click on the Repair button.
    At the end of the process you will be asked to reboot your machine.
    After you reboot a report will open on your desktop.
    Copy and paste the report here in your next reply.
     
  15. Cristoff

    Cristoff Active Member iHF Regular WCG Team Member

    Ty so much...here are the new logs. I have a question about the startup task you asked me to do. Do I stop everything (except the antivirus) on all the tabs, i.e. Explorer, Firefox, Google, etc.? I have left the BOINC manager and tray running as I like to have those on at all times (I think) so that I am always computing for the team.

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
    Ran by kgave_000 (administrator) on WINDOWS-K3T24CV on 31-05-2015 06:13:22
    Running from C:\Users\kgave_000\Downloads
    Loaded Profiles: kgave_000 (Available Profiles: kgave_000)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\MAHostService.exe
    (Joyent, Inc) C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\node.exe
    () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
    (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (Alcatel-Lucent) C:\Program Files\ATT\8.5.0.48\ma\bin\pcTrayApp.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_oet1_vina_7.19_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_ugm1_7.28_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549648 2012-07-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.5.0.48\ma\bin\pcTrayApp.exe [2886144 2015-01-22] (Alcatel-Lucent)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [68928 2015-03-09] (Space Sciences Laboratory)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [76912 2012-07-13] (cyberlink)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
    HKLM-x32\...\Run: [GestureDemo] => C:\Program Files (x86)\DELL\Dell TP713 Gesture Demo\StringResources.exe [471552 2012-09-20] (DELL)
    HKLM-x32\...\Run: [Dell TP713 Wireless Touchpad Agent] => C:\Program Files (x86)\DELL\Dell TP713 Wireless TouchPad Agent\Dell TP713 Wireless Touchpad Agent.exe [117760 2012-09-26] (Dell)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-28] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
    HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8926016 2015-03-09] (Space Sciences Laboratory)
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\MountPoints2: {175bb8eb-c476-11e4-bf86-9c2a7073f7ae} - "G:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-314854818-391394627-198496169-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> (None)
    Startup: C:\Users\kgave_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-01]
    ShortcutTarget: Dropbox.lnk -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-28] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-314854818-391394627-198496169-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-28] (Avast Software s.r.o.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2014-08-08] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-28] (Avast Software s.r.o.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2014-08-08] (Oracle Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll [2014-12-09] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-09] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-08-08] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2014-08-08] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [2015-01-22] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.1 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-08-27] (Alcatel-Lucent)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\searchplugins\yahoo-avast.xml [2015-01-06]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-05-27]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-23]

    Chrome:
    =======
    CHR Profile: C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
    CHR Extension: (Google Docs) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
    CHR Extension: (Google Drive) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
    CHR Extension: (WOT) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-09]
    CHR Extension: (YouTube) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
    CHR Extension: (Adblock Plus) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-09]
    CHR Extension: (Google Search) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
    CHR Extension: (Google Sheets) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
    CHR Extension: (Bookmark Manager) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
    CHR Extension: (Avast Online Security) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-06]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Google Wallet) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
    CHR Extension: (Gmail) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]
    CHR HKLM-x32\...\Chrome\Extension: [kofilaoejfjbjfopdnckahcidedndnln] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-05-13]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
    R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\MAHostService.exe [321024 2015-01-22] (Alcatel-Lucent) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-28] (Avast Software s.r.o.)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-28] (Avast Software s.r.o.)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
    R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2014-09-10] (Alcatel-Lucent) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2014-09-10] (Alcatel-Lucent) [File not signed]
    S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2676736 2014-11-06] () [File not signed]
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [164600 2015-05-30] ()
    R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81168 2015-05-17] (Reason Software Company Inc.)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1919336 2012-08-06] (SoftThinks SAS)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-28] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-28] (Avast Software s.r.o.)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-28] (Avast Software s.r.o.)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-28] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-28] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-28] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-28] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-28] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-28] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-28] ()
    R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-11-17] (Glarysoft Ltd)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 FintekCIR; C:\Windows\System32\drivers\FintekCIR.sys [33128 2012-06-07] (Fintek)
    S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-05-28] ()
    R3 L1C; C:\Windows\system32\DRIVERS\L1C60x64.sys [106096 2011-11-15] (Atheros Communications, Inc.)
    S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-08] (Atheros)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-08-08] (Qualcomm Atheros Communications Inc.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
    S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-05-28] (BitDefender S.R.L.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-31 02:00 - 2015-05-31 02:00 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\CrashDumps
    2015-05-30 08:30 - 2015-05-30 22:31 - 00039561 _____ () C:\windows\WindowsUpdate.log
    2015-05-30 04:27 - 2015-05-30 04:27 - 00006883 _____ () C:\Users\kgave_000\Desktop\RKreport_DEL_05302015_042530.log
    2015-05-30 03:41 - 2015-05-30 04:27 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-30 03:41 - 2015-05-30 03:41 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2015-05-30 03:40 - 2015-05-30 03:40 - 20781656 _____ () C:\Users\kgave_000\Downloads\RogueKillerX64.exe
    2015-05-30 02:22 - 2015-05-30 02:22 - 00000000 ____D () C:\ProgramData\Reason
    2015-05-30 02:21 - 2015-05-30 02:21 - 00003556 _____ () C:\windows\System32\Tasks\ReasonSecurityScheduledScan
    2015-05-30 02:21 - 2015-05-30 02:21 - 00003456 _____ () C:\windows\System32\Tasks\ReasonSecurityStart
    2015-05-30 02:21 - 2015-05-30 02:21 - 00000873 _____ () C:\Users\Public\Desktop\Reason Core Security.lnk
    2015-05-30 02:21 - 2015-05-30 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
    2015-05-30 02:21 - 2015-05-30 02:21 - 00000000 ____D () C:\Program Files\Reason
    2015-05-30 02:20 - 2015-05-30 02:20 - 04151848 _____ (Reason Software Company Inc.) C:\Users\kgave_000\Downloads\reason-core-security-setup.exe
    2015-05-30 02:09 - 2015-05-30 02:09 - 00001815 _____ () C:\Users\kgave_000\Desktop\esetthreatlist.txt
    2015-05-29 22:36 - 2015-05-29 22:36 - 02347384 _____ (ESET) C:\Users\kgave_000\Desktop\esetsmartinstaller_enu.exe
    2015-05-29 22:18 - 2015-05-29 22:18 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-05-28 16:21 - 2015-05-28 16:21 - 00001244 _____ () C:\Users\kgave_000\Desktop\malwarebytes.txt
    2015-05-28 15:45 - 2015-05-28 15:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\kgave_000\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-28 15:23 - 2015-05-28 15:23 - 00002059 _____ () C:\Users\kgave_000\Desktop\aswMBR.txt
    2015-05-28 15:23 - 2015-05-28 15:23 - 00000512 _____ () C:\Users\kgave_000\Desktop\MBR.dat
    2015-05-28 14:41 - 2015-05-28 14:43 - 05198336 _____ (AVAST Software) C:\Users\kgave_000\Downloads\aswMBR (1).exe
    2015-05-28 14:38 - 2015-05-28 14:38 - 00140582 _____ () C:\Users\kgave_000\Desktop\OTL.Txt
    2015-05-28 14:38 - 2015-05-28 14:38 - 00049342 _____ () C:\Users\kgave_000\Desktop\Extras.Txt
    2015-05-28 14:28 - 2015-05-28 14:28 - 00140582 _____ () C:\Users\kgave_000\Downloads\OTL.Txt
    2015-05-28 14:28 - 2015-05-28 14:28 - 00049342 _____ () C:\Users\kgave_000\Downloads\Extras.Txt
    2015-05-28 14:22 - 2015-05-28 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\kgave_000\Downloads\OTL (1).exe
    2015-05-28 12:48 - 2015-05-28 12:48 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\Adobe
    2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\VDLL.DLL
    2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\SysWOW64\runouce.exe
    2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\rundll16.exe
    2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\RUNDL132.EXE
    2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\logo1_.exe
    2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\logo_1.exe
    2015-05-28 12:33 - 2015-05-28 12:42 - 00000056 _____ () C:\windows\Lic.xxx
    2015-05-28 12:33 - 2015-05-28 12:33 - 00655872 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr90.dll
    2015-05-28 12:33 - 2015-05-28 12:33 - 00632064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr80.dll
    2015-05-28 12:33 - 2015-05-28 12:33 - 00572928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp90.dll
    2015-05-28 12:33 - 2015-05-28 12:33 - 00554240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp80.dll
    2015-05-28 12:33 - 2015-05-28 12:33 - 00350160 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
    2015-05-28 12:33 - 2015-05-28 12:33 - 00156392 _____ (MicroWorld Technologies Inc.) C:\windows\SysWOW64\eEmpty.exe
    2015-05-28 12:33 - 2015-05-28 12:33 - 00001042 _____ () C:\Users\kgave_000\Desktop\MWAVSCAN.lnk
    2015-05-28 12:33 - 2015-05-28 12:33 - 00000000 ____D () C:\ProgramData\MicroWorld
    2015-05-28 12:28 - 2015-05-28 12:31 - 158158304 _____ () C:\Users\kgave_000\Downloads\mwav.exe
    2015-05-28 12:26 - 2015-05-28 12:26 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
    2015-05-28 12:26 - 2015-05-28 12:26 - 00000000 ____D () C:\Program Files\BOINC
    2015-05-28 12:21 - 2015-05-28 12:22 - 95669512 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\kgave_000\Downloads\boinc_7.4.42_windows_x86_64_vbox.exe
    2015-05-28 12:12 - 2015-05-28 12:12 - 00040980 _____ () C:\Users\kgave_000\Desktop\FRST.txt
    2015-05-28 12:12 - 2015-05-28 12:12 - 00033903 _____ () C:\Users\kgave_000\Desktop\Addition.txt
    2015-05-28 12:11 - 2015-05-28 12:11 - 00033903 _____ () C:\Users\kgave_000\Downloads\Addition.txt
    2015-05-28 12:10 - 2015-05-31 06:13 - 00020514 _____ () C:\Users\kgave_000\Downloads\FRST.txt
    2015-05-28 12:10 - 2015-05-31 06:13 - 00000000 ____D () C:\FRST
    2015-05-28 12:09 - 2015-05-28 12:09 - 02108928 _____ (Farbar) C:\Users\kgave_000\Downloads\FRST64.exe
    2015-05-28 12:08 - 2015-05-28 12:08 - 00000000 _____ () C:\windows\system32\reg.txt
    2015-05-28 12:01 - 2015-05-28 12:01 - 00278831 _____ () C:\Users\kgave_000\Downloads\wireless (1).exe
    2015-05-28 11:58 - 2015-05-28 12:03 - 00036657 _____ () C:\windows\SysWOW64\reg.txt
    2015-05-28 11:57 - 2015-05-28 11:57 - 00278831 _____ () C:\Users\kgave_000\Downloads\wireless.exe
    2015-05-28 11:57 - 2015-05-28 11:57 - 00023793 _____ () C:\Users\kgave_000\Downloads\reg.txt
    2015-05-28 11:55 - 2015-05-28 11:55 - 00009513 _____ () C:\Users\kgave_000\Desktop\zoek-results.txt
    2015-05-28 11:55 - 2015-05-28 11:55 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\PCHC
    2015-05-28 11:33 - 2015-05-28 11:18 - 00024064 _____ () C:\windows\zoek-delete.exe
    2015-05-28 11:20 - 2015-01-10 01:19 - 00008294 _____ () C:\zoek-results2015-01-10-081939.log
    2015-05-28 11:10 - 2015-05-28 11:10 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
    2015-05-28 11:10 - 2015-05-28 11:10 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
    2015-05-28 11:10 - 2015-05-28 11:10 - 00001884 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
    2015-05-28 11:09 - 2015-05-28 11:09 - 00449896 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswNdisFlt.sys
    2015-05-28 11:06 - 2015-05-28 11:06 - 01308672 _____ () C:\Users\kgave_000\Downloads\zoek.exe
    2015-05-28 11:03 - 2015-05-28 11:03 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
    2015-05-28 11:02 - 2015-05-28 11:02 - 00118470 _____ () C:\Users\kgave_000\Desktop\HitmanPro_20150528_1102.log
    2015-05-28 11:02 - 2015-05-28 11:02 - 00012196 _____ () C:\windows\system32\.crusader
    2015-05-28 10:54 - 2015-05-28 11:02 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-05-28 10:53 - 2015-05-28 10:54 - 11024496 _____ (SurfRight B.V.) C:\Users\kgave_000\Downloads\HitmanPro_x64.exe
    2015-05-28 10:40 - 2015-05-29 23:52 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
    2015-05-28 10:40 - 2015-05-28 10:40 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
    2015-05-28 10:38 - 2015-05-28 10:38 - 02947193 _____ (Thisisu) C:\Users\kgave_000\Downloads\JRT (1).exe
    2015-05-28 10:38 - 2015-05-28 10:38 - 00753184 _____ () C:\Users\kgave_000\Downloads\Adware-Removal-Tool-v3.9.1.exe
    2015-05-28 10:35 - 2015-05-28 10:35 - 00001463 _____ () C:\Users\kgave_000\Desktop\JRT.txt
    2015-05-28 10:31 - 2015-05-28 10:31 - 00000207 _____ () C:\windows\tweaking.com-regbackup-WINDOWS-K3T24CV-Windows-8-(64-bit).dat
    2015-05-28 10:31 - 2015-05-28 10:31 - 00000000 ____D () C:\RegBackup
    2015-05-28 10:30 - 2015-05-28 10:30 - 00001061 _____ () C:\Users\kgave_000\Desktop\JRT - Shortcut.lnk
    2015-05-28 10:29 - 2015-05-28 10:29 - 02947193 _____ (Thisisu) C:\Users\kgave_000\Downloads\JRT.exe
    2015-05-28 09:53 - 2015-05-28 10:05 - 00000000 ____D () C:\AdwCleaner
    2015-05-28 09:53 - 2015-05-28 09:53 - 02223104 _____ () C:\Users\kgave_000\Downloads\adwcleaner_4.205.exe
    2015-05-28 09:50 - 2015-05-28 09:50 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4
    2015-05-28 09:50 - 2015-05-28 09:50 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4.job
    2015-05-28 09:48 - 2015-05-28 09:48 - 00002718 _____ () C:\Users\kgave_000\Downloads\software_removal_tool.log
    2015-05-28 09:48 - 2015-05-28 09:48 - 00000198 _____ () C:\Users\kgave_000\Downloads\debug.log
    2015-05-28 09:44 - 2015-05-28 09:44 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-28 09:44 - 2015-05-28 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-28 09:43 - 2015-05-28 09:50 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72
    2015-05-28 09:43 - 2015-05-28 09:50 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72.job
    2015-05-28 09:43 - 2015-05-28 09:43 - 00003672 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-28 09:43 - 2015-05-28 09:43 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-28 09:38 - 2015-05-28 09:40 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\Deployment
    2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\Apps\2.0
    2015-05-28 08:47 - 2015-05-28 08:47 - 07528072 _____ (Auslogics Labs Pty Ltd ) C:\Users\kgave_000\Downloads\registry-defrag-setup.exe
    2015-05-28 08:38 - 2015-05-28 08:39 - 00000000 ____D () C:\ProgramData\Auslogics
    2015-05-28 08:37 - 2015-05-28 08:37 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\kgave_000\Downloads\disk-defrag-setup.exe
    2015-05-28 08:18 - 2015-05-28 08:18 - 00050688 _____ (Atribune.org) C:\Users\kgave_000\Downloads\ATF-Cleaner.exe
    2015-05-27 14:52 - 2015-05-27 14:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-18 19:45 - 2015-05-18 19:45 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\Motive
    2015-05-15 18:24 - 2015-05-15 18:24 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d08f7718835286
    2015-05-13 09:57 - 2015-05-13 09:57 - 00006190 _____ () C:\Users\kgave_000\Desktop\dispatch status.html
    2015-05-13 09:16 - 2015-05-29 22:29 - 00000000 ____D () C:\Program Files (x86)\ATTSplusPCMT
    2015-05-13 09:16 - 2015-05-13 09:16 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\ATTSplus
    2015-05-13 09:16 - 2015-05-13 09:16 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\III
    2015-05-13 09:08 - 2015-05-30 03:02 - 00000000 ____D () C:\Program Files (x86)\ATT
    2015-05-13 09:08 - 2015-05-13 09:08 - 00002655 _____ () C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve.lnk
    2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\ProgramData\Motive
    2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATT
    2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\Program Files\Common Files\Motive
    2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\Program Files\ATT
    2015-05-13 09:07 - 2015-05-13 09:07 - 00094000 _____ () C:\Users\kgave_000\Downloads\windows__6a86f0e1-d44a-434c-a5d5-77476500da78__.exe
    2015-05-13 06:41 - 2015-04-30 06:07 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 06:41 - 2015-04-30 06:07 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 14374400 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2015-05-13 05:12 - 2015-04-21 07:33 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2015-05-13 05:12 - 2015-04-21 07:32 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2015-05-13 05:12 - 2015-04-21 06:53 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-05-13 05:12 - 2015-04-21 06:53 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-05-13 05:12 - 2015-04-21 06:53 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-05-13 05:12 - 2015-04-21 06:52 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-05-13 05:12 - 2015-04-21 06:52 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-05-13 05:12 - 2015-04-17 19:37 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2015-05-13 05:12 - 2015-04-17 19:34 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-05-13 05:12 - 2015-04-12 22:32 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\services.exe
    2015-05-13 05:12 - 2015-04-12 22:30 - 01839616 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
    2015-05-13 05:12 - 2015-04-12 22:30 - 01280512 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
    2015-05-13 05:12 - 2015-04-12 21:05 - 01416192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
    2015-05-13 05:12 - 2015-04-12 20:25 - 04063744 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-05-13 05:12 - 2015-03-13 17:55 - 00410017 _____ () C:\windows\system32\ApnDatabase.xml
    2015-05-13 05:12 - 2015-03-11 22:31 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
    2015-05-13 05:12 - 2015-03-11 22:31 - 01688576 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
    2015-05-13 05:12 - 2015-03-11 22:31 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\WPDShServiceObj.dll
    2015-05-13 05:12 - 2015-03-11 20:52 - 01933312 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
    2015-05-13 05:12 - 2015-03-03 23:41 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
    2015-05-13 05:12 - 2015-03-03 23:39 - 00632832 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
    2015-05-13 05:12 - 2015-03-03 23:39 - 00204288 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
    2015-05-13 05:12 - 2015-03-03 21:53 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
    2015-05-13 05:12 - 2015-03-03 21:52 - 00676864 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
    2015-05-13 05:12 - 2015-02-18 00:39 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
    2015-05-13 05:12 - 2015-02-18 00:38 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
    2015-05-13 05:11 - 2015-05-01 23:28 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2015-05-13 05:11 - 2015-05-01 20:59 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2015-05-13 05:11 - 2015-05-01 20:36 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2015-05-13 05:11 - 2015-04-13 15:09 - 00570248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2015-05-13 05:11 - 2015-04-05 22:36 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
    2015-05-13 05:11 - 2015-04-05 21:08 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-31 06:13 - 2013-08-28 14:04 - 00000000 ____D () C:\ProgramData\BOINC
    2015-05-31 06:02 - 2014-05-29 09:34 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-31 06:02 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
    2015-05-30 03:36 - 2013-06-17 19:37 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2015-05-30 03:06 - 2012-07-26 00:28 - 00021946 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-05-30 03:02 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-05-30 03:01 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Registration
    2015-05-30 03:01 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2015-05-30 02:51 - 2013-11-23 00:45 - 00000000 ____D () C:\ProgramData\GlarySoft
    2015-05-30 02:51 - 2013-11-18 00:13 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\GlarySoft
    2015-05-28 17:10 - 2015-03-26 08:37 - 00318544 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-05-28 15:47 - 2014-05-29 09:34 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-28 15:47 - 2014-05-29 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-28 15:47 - 2014-05-29 09:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-28 12:34 - 2012-07-25 22:26 - 00000643 _____ () C:\windows\win.ini
    2015-05-28 12:25 - 2013-08-28 14:03 - 00000000 ____D () C:\windows\Downloaded Installations
    2015-05-28 11:55 - 2015-01-10 00:47 - 00009513 _____ () C:\zoek-results.log
    2015-05-28 11:32 - 2015-01-10 00:46 - 00000000 ____D () C:\zoek_backup
    2015-05-28 11:10 - 2014-05-01 11:03 - 00029168 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2015-05-28 11:10 - 2013-12-19 06:48 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
    2015-05-28 11:10 - 2013-10-23 22:56 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
    2015-05-28 11:10 - 2013-10-23 22:56 - 00272248 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2015-05-28 11:10 - 2013-10-23 22:56 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
    2015-05-28 11:10 - 2013-10-23 22:56 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
    2015-05-28 11:10 - 2013-10-23 22:56 - 00065736 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2015-05-28 11:10 - 2013-10-23 22:56 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-05-28 11:09 - 2013-10-23 22:56 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
    2015-05-28 11:09 - 2013-10-23 22:56 - 00028144 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswKbd.sys
    2015-05-28 10:06 - 2012-07-25 22:26 - 00002375 _____ () C:\windows\system32\Drivers\etc\hosts.old
    2015-05-28 09:52 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
    2015-05-28 09:44 - 2013-10-23 22:56 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-05-28 08:56 - 2013-08-05 11:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-28 08:55 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-05-28 08:55 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\setup
    2015-05-28 08:55 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\PolicyDefinitions
    2015-05-28 08:54 - 2013-08-05 11:51 - 00000000 ____D () C:\Users\kgave_000
    2015-05-28 08:14 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
    2015-05-15 18:24 - 2015-02-04 13:13 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d040b77a9c157
    2015-05-14 22:20 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2015-05-14 09:02 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-14 09:02 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
    2015-05-13 15:05 - 2014-03-19 15:33 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\.minecraft
    2015-05-13 06:58 - 2013-08-14 07:26 - 00000000 ____D () C:\windows\system32\MRT
    2015-05-13 06:56 - 2013-08-06 17:39 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-05-05 10:49 - 2014-12-26 10:09 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-05-05 10:49 - 2014-12-26 10:09 - 00177632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2013-06-17 19:32 - 2013-06-17 19:33 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-06-17 19:28 - 2013-06-17 19:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-06-17 19:29 - 2013-06-17 19:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-06-17 19:28 - 2013-06-17 19:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2013-06-17 19:30 - 2013-06-17 19:32 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    Some files in TEMP:
    ====================
    C:\Users\kgave_000\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\kgave_000\AppData\Local\Temp\rscp_setup.exe


    Some zero byte size files/folders:
    ==========================
    C:\Windows\logo1_.exe
    C:\Windows\logo_1.exe
    C:\Windows\RUNDL132.EXE
    C:\Windows\rundll16.exe
    C:\Windows\VDLL.DLL
    C:\Windows\SysWOW64\runouce.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-28 09:35

    ==================== End of log ============================


    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
    Ran by kgave_000 at 2015-05-31 06:14:09
    Running from C:\Users\kgave_000\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-314854818-391394627-198496169-500 - Administrator - Disabled)
    Guest (S-1-5-21-314854818-391394627-198496169-501 - Limited - Disabled)
    kgave_000 (S-1-5-21-314854818-391394627-198496169-1002 - Administrator - Enabled) => C:\Users\kgave_000

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
    Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{B25A6EC5-9B58-CD63-B0F2-3DEF57C392D4}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.0.48 - AT&T)
    Avast Premier (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
    BOINC (HKLM\...\{E36EE9B2-E411-4919-81E3-4C4862A9514D}) (Version: 7.4.42 - Space Sciences Laboratory, U.C. Berkeley)
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.1 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.1 - Dell Inc.)
    Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
    Dell TP713 Gesture Demo (HKLM-x32\...\{FE2E0749-DB22-43F4-8D15-23E70F5C0F80}) (Version: 1.05.0000 - Dell)
    Dell TP713 Wireless Touchpad Agent (HKLM-x32\...\{F6EEA7D0-6A7E-4140-A1A5-3956C3D631AB}) (Version: 1.04.0000 - Dell)
    DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.15 - DELL)
    Dropbox (HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
    DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
    Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
    Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
    Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
    Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    28-05-2015 08:13:51 Windows Modules Installer
    28-05-2015 11:00:55 Checkpoint by HitmanPro
    28-05-2015 11:02:05 Checkpoint by HitmanPro
    28-05-2015 11:20:06 zoek.exe restore point
    28-05-2015 12:26:00 Installed BOINC.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-05-28 12:44 - 2015-05-30 03:02 - 00001903 ____R C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz
    0.0.0.0 cdn.bigspeedpro.com

    There are 5 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {09942021-4EAF-41A9-BC6C-FF187E9397E6} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
    Task: {1223F7EE-6321-4FEC-A41B-31BEBF10675E} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2753fe2b9be3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {15CE74B8-FF47-4A4F-B7D3-79832AC48BD4} - System32\Tasks\avast! Emergency Update
    Task: {15D0EE59-AA08-49E3-B724-796F91739CD2} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f7718835286 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {1BDB0C41-632B-44B0-A21B-3E6703251A4A} - System32\Tasks\GestureDemo64 => C:\Program Files (x86)\Dell\Dell TP713 Gesture Demo\StringResources.exe [2012-09-20] (DELL)
    Task: {25CFDE8A-9F8A-41FA-8F6A-C506A10A0243} - System32\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {29F4EBB6-67D4-4852-B76B-DF22B7E167C5} - System32\Tasks\GoogleUpdateTaskMachineCore1cfee1a7dc9e41a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {454E63FD-8EF4-474F-9086-0134BDB31D01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {45AEDE66-E546-473B-BEE3-75AF80AC5294} - System32\Tasks\GoogleUpdateTaskMachineCore1cfffc8d020b8a2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {49B49507-1E09-4A5E-8754-2ED976105726} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
    Task: {4D2E3B53-F157-4D3D-B4A8-B4E4ACCD61B5} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8de01f23dc10 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {53BF8C7D-0DC9-493D-9401-89380D2A425C} - System32\Tasks\GoogleUpdateTaskMachineCore1cf48a8d558385e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {5F69FAFE-105E-4E18-A81E-BAD6F9887547} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
    Task: {614BB54C-30D9-41C9-AE79-1A3F8BCEF53E} - System32\Tasks\GoogleUpdateTaskMachineCore1cef14dccdd25f1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {6264F84E-BCB3-49E1-8177-0B9F36D95B76} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {66B07912-B752-4DAA-850D-9FB3F60EF292} - System32\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {6C167C45-7ECD-4657-9642-4B549B929226} - System32\Tasks\GoogleUpdateTaskMachineCore1d040b77a9c157 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {75F1FDA8-58B9-4BBE-B128-CC8979501117} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
    Task: {7F82FBE9-2A7E-484A-8BB7-A908D1D08813} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6a16c3174275 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {9939540D-5813-4F1D-B26B-21E3191BDE17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B2DF32F5-F81A-42B6-89CD-39D24623369B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {B8EA5787-2097-402A-9962-894D2938EC92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
    Task: {D952EFBA-91E7-453C-817A-5C89EB388570} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
    Task: {F1F1F131-9AD6-45D7-942F-FC3CD40BD3DA} - System32\Tasks\GoogleUpdateTaskMachineCore1d02a39677090ae => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
    Task: {FB8BDC0D-2242-43ED-B721-816546C3A57D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2012-07-25 20:30 - 2014-11-06 00:09 - 02676736 _____ () C:\windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
    2013-06-17 19:45 - 2012-08-01 10:03 - 00073728 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    2013-06-17 19:30 - 2012-04-24 16:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2015-05-30 02:22 - 2015-05-30 02:22 - 00164600 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
    2014-05-15 03:15 - 2014-05-15 03:15 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2015-05-30 02:22 - 2015-05-30 02:22 - 00401144 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
    2013-10-15 13:31 - 2013-10-15 13:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
    2014-09-17 16:38 - 2014-09-17 16:38 - 01615872 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    2015-05-28 16:00 - 2015-05-28 16:00 - 01980416 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_oet1_vina_7.19_windows_x86_64
    2015-05-28 11:18 - 2015-05-28 11:18 - 00843776 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_ugm1_7.28_windows_x86_64
    2015-05-28 11:10 - 2015-05-28 11:10 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-05-28 11:10 - 2015-05-28 11:10 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-05-30 01:41 - 2015-05-30 01:41 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053000\algo.dll
    2015-05-31 02:08 - 2015-05-31 02:08 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053100\algo.dll
    2014-11-24 11:22 - 2009-10-23 13:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
    2014-10-03 12:56 - 2014-10-03 12:56 - 00271360 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
    2014-10-03 12:56 - 2014-10-03 12:56 - 00244736 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
    2013-04-24 06:55 - 2013-04-24 06:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\libxmljs\build\Release\xmljs.node
    2014-10-03 12:56 - 2014-10-03 12:56 - 00237056 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
    2015-03-12 03:02 - 2015-03-12 03:02 - 00016384 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\658efb4e1789d48181d0a2758b8f2bab\PSIClient.ni.dll
    2013-06-17 19:37 - 2012-08-09 11:51 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2013-06-17 19:37 - 2012-08-06 08:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2013-06-17 19:37 - 2012-08-06 08:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-314854818-391394627-198496169-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\kgave_000\Desktop\OLAF and Fmily.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "RtHDVBg"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
    HKLM\...\StartupApproved\Run32: => "BDRegion"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "Dell TP713 Wireless Touchpad Agent"
    HKLM\...\StartupApproved\Run32: => "GestureDemo"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "AmazonGSDownloaderTray"
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-314854818-391394627-198496169-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{8B565F59-F55B-4789-9278-56E456F6F26C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9B33B4E0-D824-4F7B-893D-38FEFA6914D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EAC51254-EA3B-414B-B53B-2063D4E3B69B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/31/2015 03:07:13 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

    Error: (05/31/2015 03:02:24 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

    Error: (05/31/2015 02:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
    Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000051f20
    Faulting process id: 0xddc
    Faulting application start time: 0xrsUI.exe0
    Faulting application path: rsUI.exe1
    Faulting module path: rsUI.exe2
    Report Id: rsUI.exe3
    Faulting package full name: rsUI.exe4
    Faulting package-relative application ID: rsUI.exe5

    Error: (05/30/2015 03:48:55 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

    Error: (05/30/2015 03:02:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (05/30/2015 02:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
    Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000051f20
    Faulting process id: 0x1f64
    Faulting application start time: 0xrsUI.exe0
    Faulting application path: rsUI.exe1
    Faulting module path: rsUI.exe2
    Report Id: rsUI.exe3
    Faulting package full name: rsUI.exe4
    Faulting package-relative application ID: rsUI.exe5

    Error: (05/30/2015 02:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
    Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000051f20
    Faulting process id: 0x1f64
    Faulting application start time: 0xrsUI.exe0
    Faulting application path: rsUI.exe1
    Faulting module path: rsUI.exe2
    Report Id: rsUI.exe3
    Faulting package full name: rsUI.exe4
    Faulting package-relative application ID: rsUI.exe5

    Error: (05/30/2015 02:27:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
    Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000051f20
    Faulting process id: 0x1f64
    Faulting application start time: 0xrsUI.exe0
    Faulting application path: rsUI.exe1
    Faulting module path: rsUI.exe2
    Report Id: rsUI.exe3
    Faulting package full name: rsUI.exe4
    Faulting package-relative application ID: rsUI.exe5

    Error: (05/30/2015 02:23:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
    Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000051f20
    Faulting process id: 0x1f64
    Faulting application start time: 0xrsUI.exe0
    Faulting application path: rsUI.exe1
    Faulting module path: rsUI.exe2
    Report Id: rsUI.exe3
    Faulting package full name: rsUI.exe4
    Faulting package-relative application ID: rsUI.exe5

    Error: (05/30/2015 02:23:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
    Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000051f20
    Faulting process id: 0x1f64
    Faulting application start time: 0xrsUI.exe0
    Faulting application path: rsUI.exe1
    Faulting module path: rsUI.exe2
    Report Id: rsUI.exe3
    Faulting package full name: rsUI.exe4
    Faulting package-relative application ID: rsUI.exe5


    System errors:
    =============
    Error: (05/30/2015 07:18:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (05/30/2015 03:37:03 AM) (Source: ACPI) (EventID: 10) (User: )
    Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.

    Error: (05/30/2015 03:01:45 AM) (Source: BTHUSB) (EventID: 5) (User: )
    Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

    Error: (05/30/2015 03:01:37 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Error: (05/29/2015 10:28:33 PM) (Source: ACPI) (EventID: 10) (User: )
    Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.

    Error: (05/29/2015 10:28:30 PM) (Source: ACPI) (EventID: 10) (User: )
    Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.

    Error: (05/29/2015 10:26:55 PM) (Source: BTHUSB) (EventID: 5) (User: )
    Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

    Error: (05/29/2015 10:26:50 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Error: (05/29/2015 10:26:58 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:58:27 PM on 5/29/2015 was unexpected.

    Error: (05/29/2015 10:11:35 PM) (Source: ACPI) (EventID: 10) (User: )
    Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.


    Microsoft Office:
    =========================
    Error: (05/31/2015 03:07:13 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    Error: (05/31/2015 03:02:24 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    Error: (05/31/2015 02:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f20ddc01d09ac49b7b1245C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll7eced2cf-0773-11e5-bfb9-9c2a7073f7ae

    Error: (05/30/2015 03:48:55 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    Error: (05/30/2015 03:02:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (05/30/2015 02:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll74da001e-06b0-11e5-bfb8-9c2a7073f7ae

    Error: (05/30/2015 02:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll1f951352-06b0-11e5-bfb8-9c2a7073f7ae

    Error: (05/30/2015 02:27:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll12f6db1b-06ae-11e5-bfb8-9c2a7073f7ae

    Error: (05/30/2015 02:23:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll9587a691-06ad-11e5-bfb8-9c2a7073f7ae

    Error: (05/30/2015 02:23:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll843868ac-06ad-11e5-bfb8-9c2a7073f7ae


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3770S CPU @ 3.10GHz
    Percentage of memory in use: 53%
    Total physical RAM: 8062.48 MB
    Available physical RAM: 3759.49 MB
    Total Pagefile: 9278.48 MB
    Available Pagefile: 5169.09 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:1852.77 GB) (Free:1793.5 GB) NTFS
    Drive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.28 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:7.63 GB) (Free:0.74 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: C73A8C29)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     

    Last edited by a moderator: May 31, 2015
  16. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,501
    Likes Received:
    445
    Trophy Points:
    93
    Only the windows tab please, how is the machine running now? I will have your FRST fix coming soon.
     
  17. Malnutrition

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  18. Malnutrition

    After you run the fix, please tell us how the machine is running. Also, please include the Zemana and ZHP Cleaner logs in your next reply, copied and pasted please.
     
  19. Cristoff

    really great ty soooooo much
     

  20. Malnutrition

    Some Suggested Software To Keep You Safe On The Internet.

    • Qualys BrowserCheck To update plugins.
    • Web Of Trust To Avoid Shady Websites.
    • Unchecky To Avoid Bundled Software.
    • AdBlock Plus To Browse The Web Ad Free.
    • Malwarebytes Anti Exploit To Block Zero Day Attacks.
    • Malwarebytes Startup Lite To Disable Useless Items Starting With Your Computer.
    • FanBoys Ultimate list. Add The Ultimate List.
    • ToolWhiz Smart Defrag Defrag Your Machine With Speed.
    • For Chrome Adguard
    • For FireFox Adguard


    Now Let's Clean up the tools we used and remove old restore points.

    • Download DelFix by "Xplode" to your Desktop.
    • Right Click the tool and Run as Admin (XP Users Double Click).
    • Put a check mark next to the items below:
        • Remove disinfection tools
        • Create registry backup
        • Purge System Restore
    • Now click on the "Run" button.
    • Allow the program to complete its work.
    • All the tools we used will be removed.
    • The tool will create and open a log report (DelFix.txt).
    Note: The report can be located at the following location: C:\DelFix.txt
     