
prework (2nd computer)

Belahzur

Freedom Fighter
Moderator
Security Advisor
iHF Regular
#2
I do see some malware in there.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
 

Cristoff

Active Member
iHF Regular
WCG Team Member
#3
I hope I did it right

Posting for better visibility ~DCiAdmin

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/28/2015
Scan Time: 3:47:12 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.05.24.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: NameHere_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348847
Time Elapsed: 8 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.WebShield.A, C:\Users\NameHere_000\AppData\Local\WebShield, Quarantined, [1a5f261dafdb50e60ef9f1e3cb38fb05],

Files: 1
PUP.Optional.WebShield.A, C:\Users\NameHere_000\AppData\Local\WebShield\data2.dat, Quarantined, [1a5f261dafdb50e60ef9f1e3cb38fb05],

Physical Sectors: 0
(No malicious items detected)


(end)
 


Pancake

To Protect and Serve
Moderator
iHF Master Craftsman
Security Advisor
#4
How are things running now? Any better?
 

Cristoff

Active Member
iHF Regular
WCG Team Member
#6
I clicked on that...do I need to run another scan now or just let it happen when the next scheduled scan runs?
 

Pancake

To Protect and Serve
Moderator
iHF Master Craftsman
Security Advisor
#7
Let's do one last scan to confirm all is well.

I'd like you to scan your machine with ESET OnlineScan

(1) Click on the following link to open ESET OnlineScan in a new window. http://eset.com/onlinescan
(2) Click the ESET OnlineScanner button.


Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.

Click the Start button.
Accept any security warnings from your browser.
Check Scan Archives
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click Finish
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#8
I clicked on that...do I need to run another scan now or just let it happen when the next scheduled scan runs?
Your logfile showed it was deselected; have it selected for any future scans unless told otherwise. I'll leave you in the hands of the experts.
 

Malnutrition

Still Hungry
iHF Master Craftsman
#9
Download Rogue Killer and save it to your Desktop, you will need the version compatible with your machine.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.





Please download and save FRST 64bit or FRST 32 bit to your Desktop.


CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

Malnutrition

Still Hungry
iHF Master Craftsman
#10
From the looks of it from your logs, you have followed this thread.
http://ihelpforum.com/threads/slow-computer.47752/

Please provide all the logs from the tools that you have run, I see:

hitmanpro37.sys
MWAVSCAN.
zoek-delete.exe
adware.rtf
JRT
ADware Cleaner

What other tools have you run?

I would like you to run this tool as well. Reason Core Security
Install the program and run a Full Scan, then remove any infections found. This is a free program as well, and it will run alongside your current antivirus with no issues.



 

Cristoff

Active Member
iHF Regular
WCG Team Member
#11
Ty everyone, here is the ESET log

I think this is everything

and this

Code:
HitmanPro 3.7.9.241
www.hitmanpro.com

   Computer name . . . . : WINDOWS-K3T24CV
   Windows . . . . . . . : 6.2.0.9200.X64/8
   User name . . . . . . : WINDOWS-K3T24CV\kgave_000
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-05-28 10:55:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 59s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 4
   Traces  . . . . . . . : 62

   Objects scanned . . . : 1,800,019
   Files scanned . . . . : 49,428
   Remnants scanned  . . : 393,379 files / 1,357,212 keys

Malware _____________________________________________________________________

   C:\ProgramData\cxAKuEt\dat\ivwmoUr.dll -> PendingDelete
      Size . . . . . . . : 1,240,568 bytes
      Age  . . . . . . . : 0.0 days (2015-05-28 10:37:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : BC6C40FE10AF1CA738A2EC483FD4E78984BDF5D60830B812D678CD447644CD7B
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Copyright (C) 2014
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.PullUpdate.T
      Fuzzy  . . . . . . : 104.0
      Forensic Cluster
         -21.0s C:\Windows\Prefetch\DLLHOST.EXE-E6E6216F.pf
          0.0s C:\ProgramData\cxAKuEt\dat\ivwmoUr.dll
          0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe
          0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe.config
          0.0s C:\ProgramData\cxAKuEt\dat\YXzxxkT.dll
          0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe
          0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe.config
          0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\
          0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\doomed\
          0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\
          0.7s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\webapps\webapps.json
          1.0s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\VDyPuhkU.exe.log
          1.1s C:\Windows\Prefetch\VDYPUHKU.EXE-00B709ED.pf
          1.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F4D302C4958C92DC08C2E6D3247461253828625E
          2.6s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\FAC9DE5511B165F75A6AE9E2EEEFCEBEC5B68216
          2.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\4D990F09B75BB8194FD9F6DC1ABA201A4DCB1DFC
          2.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\3101F89C359C3250BF9B212B5651079F1980870E
          2.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\96F22410F2D15D2E619D83B828E74B629483F9D8
          2.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\DFAD5322766E6D562457324A731E79D5EEAD0FEC
          3.0s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\4D504BCE873AAEB65D2B1EBAF7FBB58267E15627
          3.1s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F99A63FACEB3C68DAC680BEF0D2DA333C92357C4
          3.1s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F2732FD2F5F54923124EFE3902076D73EB669772
          3.1s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\C492BCF336CB9591DFBA2E8F076FCD9AD0AF00A1
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\54B19389C36ED7FE56DC3D0FB95B0E2B54566088
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E20380ED7C59FC2E3FBCEDB15C79F36B5390EE6D
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\8EED0C9352D767F87773875FFBE8DD576FA89BBF
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\95F8A75C307961E7B2DF321E00C34ED0B64EBD8B
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\CC63FF3D2C056691DF1520CFF7FC2795B6892F07
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\108717780C06983CCF6CD295FF7D4EF7CCD6947B
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\20DAE5A43BD6A334E224EE74A38583D19BD26257
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\806B3176E707898EE5A41858CAC9A3DE85705025
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\40695902D1189B3F08500154AA4EA1EF4DE77408
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\C626F2BF6A46B580B1344BFD9F04DA11CE8278B1
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\1FE2FBB6D9A028D022EF2F137E01A6E27F17B135
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\6348244CAB0424C9954802233C6655AEFD438CDB
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\94BDDD7FF6CB726B9ABB1348345D0755B5D5BF3F
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\2C988D1B58D236DA131C83FC3FD509204EAD06A7
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E9D25CF48F6B58835E9F91FD1D89C1B8AD315B6D
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\6596E6DE1318F2AA58D51350F7F8C58394937478
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\497C4885E3F6E3F3D4111F5BAD8B378CD7623C4B
          3.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E1FF6F6BE3375F101F5466363EE4D08F98EB26C2
          3.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\7FD4BDCF3DEF4DB7C5571FF49DC08F150F090B66
          3.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\D47C99CC19F2468FE9DDCCD5DC5AF88B603AEBAD
          3.6s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\15FC164D4B310986A97D3193A050F8E365C3C264
          3.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12447ed8155a2d36740fe56071906c00_c2eb18e8-a707-49c2-be16-8ccf431d7109
          3.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\1652B3B65E99235B758DC6413FE9BFB19D1765CB
          3.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\C16DB23BC8F514646F35FD664700DF7D91B55C27
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F354EF739CB31FB22C3FB1D44F214C82DC27B106
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\3C069B76E051E4402441F6FAD96B5AF728D379B0
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\1C82FB285527DE85195B740F16F4018AE6EF94EF
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\DFD3A838635CE278BEBB1B3E1C74E9603CA0DE7D
          4.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\45512653112E9C19B49308CCF8954936ED78DDCC
          4.4s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\2D88181756C099B04775A3838C4CDB4AD63FD84E
          4.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\CA302F67F21FC2283B285F13F48B45CF1FFE8A69
          5.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\8BA07BBB7E198324EFD2F0AFA9417AF3EC49A208
          6.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\6A1B775FFDE3928650937F908F49A8DB574B3C6A
          6.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\3322213546E64E56E67BE783031CE505F3F7B65D
          6.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E6CBF8B16356DF538EC1BD692EDBC8CAE8E48584
          6.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E6F6A24DF923A4BD43FA5CB4E50415CEC8965184
          6.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\EE7632E6A31A2B65BA9BED295510B60EFF9D8D65
          6.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\D1A0B0C61DFF5B4F1EDCB70536DDA0C40D009295
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.cache
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.sbstore
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.cache
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.sbstore
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.cache
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.sbstore
          7.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.sbstore
          7.4s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.cache
          7.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.sbstore
          7.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.cache
          7.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.sbstore
          8.0s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.cache
          8.5s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\prefs.js.old
          8.6s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\xulstore.json
          8.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F1B5C3EDE100D4A38A0A28F1CEF6FAEFB619EC1B
          8.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\929BCF811537CE5A1B05BC367E7D5FCD9D1512C2
         11.4s C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

   C:\ProgramData\cxAKuEt\dat\YXzxxkT.dll -> PendingDelete
      Size . . . . . . . : 1,455,096 bytes
      Age  . . . . . . . : 0.0 days (2015-05-28 10:37:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1DB630F8E37D11A63403B033BC65970038DF7D91610A236A9F81BFF48D91012D
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Copyright (C) 2014
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.PullUpdate.T
    > Kaspersky  . . . . : not-a-virus:AdWare.Win64.Agent.y
      Fuzzy  . . . . . . : 104.0
      Forensic Cluster
         -21.0s C:\Windows\Prefetch\DLLHOST.EXE-E6E6216F.pf
         -0.0s C:\ProgramData\cxAKuEt\dat\ivwmoUr.dll
         -0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe
          0.0s C:\ProgramData\cxAKuEt\dat\VDyPuhkU.exe.config
          0.0s C:\ProgramData\cxAKuEt\dat\YXzxxkT.dll
          0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe
          0.0s C:\ProgramData\cxAKuEt\dat\lDezhZMZPh.exe.config
          0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\
          0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\doomed\
          0.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\
          0.7s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\webapps\webapps.json
          1.0s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\VDyPuhkU.exe.log
          1.0s C:\Windows\Prefetch\VDYPUHKU.EXE-00B709ED.pf
          1.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F4D302C4958C92DC08C2E6D3247461253828625E
          2.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\FAC9DE5511B165F75A6AE9E2EEEFCEBEC5B68216
          2.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\4D990F09B75BB8194FD9F6DC1ABA201A4DCB1DFC
          2.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\3101F89C359C3250BF9B212B5651079F1980870E
          2.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\96F22410F2D15D2E619D83B828E74B629483F9D8
          2.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\DFAD5322766E6D562457324A731E79D5EEAD0FEC
          3.0s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\4D504BCE873AAEB65D2B1EBAF7FBB58267E15627
          3.1s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F99A63FACEB3C68DAC680BEF0D2DA333C92357C4
          3.1s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F2732FD2F5F54923124EFE3902076D73EB669772
          3.1s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\C492BCF336CB9591DFBA2E8F076FCD9AD0AF00A1
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\54B19389C36ED7FE56DC3D0FB95B0E2B54566088
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E20380ED7C59FC2E3FBCEDB15C79F36B5390EE6D
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\8EED0C9352D767F87773875FFBE8DD576FA89BBF
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\95F8A75C307961E7B2DF321E00C34ED0B64EBD8B
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\CC63FF3D2C056691DF1520CFF7FC2795B6892F07
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\108717780C06983CCF6CD295FF7D4EF7CCD6947B
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\20DAE5A43BD6A334E224EE74A38583D19BD26257
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\806B3176E707898EE5A41858CAC9A3DE85705025
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\40695902D1189B3F08500154AA4EA1EF4DE77408
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\C626F2BF6A46B580B1344BFD9F04DA11CE8278B1
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\1FE2FBB6D9A028D022EF2F137E01A6E27F17B135
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\6348244CAB0424C9954802233C6655AEFD438CDB
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\94BDDD7FF6CB726B9ABB1348345D0755B5D5BF3F
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\2C988D1B58D236DA131C83FC3FD509204EAD06A7
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E9D25CF48F6B58835E9F91FD1D89C1B8AD315B6D
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\6596E6DE1318F2AA58D51350F7F8C58394937478
          3.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\497C4885E3F6E3F3D4111F5BAD8B378CD7623C4B
          3.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E1FF6F6BE3375F101F5466363EE4D08F98EB26C2
          3.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\7FD4BDCF3DEF4DB7C5571FF49DC08F150F090B66
          3.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\D47C99CC19F2468FE9DDCCD5DC5AF88B603AEBAD
          3.6s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\15FC164D4B310986A97D3193A050F8E365C3C264
          3.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12447ed8155a2d36740fe56071906c00_c2eb18e8-a707-49c2-be16-8ccf431d7109
          3.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\1652B3B65E99235B758DC6413FE9BFB19D1765CB
          3.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\C16DB23BC8F514646F35FD664700DF7D91B55C27
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F354EF739CB31FB22C3FB1D44F214C82DC27B106
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\3C069B76E051E4402441F6FAD96B5AF728D379B0
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\1C82FB285527DE85195B740F16F4018AE6EF94EF
          3.9s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\DFD3A838635CE278BEBB1B3E1C74E9603CA0DE7D
          4.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\45512653112E9C19B49308CCF8954936ED78DDCC
          4.4s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\2D88181756C099B04775A3838C4CDB4AD63FD84E
          4.6s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\CA302F67F21FC2283B285F13F48B45CF1FFE8A69
          5.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\8BA07BBB7E198324EFD2F0AFA9417AF3EC49A208
          6.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\6A1B775FFDE3928650937F908F49A8DB574B3C6A
          6.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\3322213546E64E56E67BE783031CE505F3F7B65D
          6.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E6CBF8B16356DF538EC1BD692EDBC8CAE8E48584
          6.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\E6F6A24DF923A4BD43FA5CB4E50415CEC8965184
          6.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\EE7632E6A31A2B65BA9BED295510B60EFF9D8D65
          6.6s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\D1A0B0C61DFF5B4F1EDCB70536DDA0C40D009295
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.cache
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-downloadwhite-digest256.sbstore
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.cache
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-malware-simple.sbstore
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.cache
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.pset
          7.2s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\test-phish-simple.sbstore
          7.3s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.sbstore
          7.4s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-badbinurl-shavar.cache
          7.5s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.sbstore
          7.7s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-malware-shavar.cache
          7.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.sbstore
          8.0s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\safebrowsing\goog-phish-shavar.cache
          8.4s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\prefs.js.old
          8.6s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\xulstore.json
          8.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\F1B5C3EDE100D4A38A0A28F1CEF6FAEFB619EC1B
          8.8s C:\Users\kgave_000\AppData\Local\Mozilla\Firefox\Profiles\he72s3jb.default\cache2\entries\929BCF811537CE5A1B05BC367E7D5FCD9D1512C2
         11.4s C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

   C:\Users\kgave_000\Downloads\ChromeSetup(1).exe -> Quarantined
      Size . . . . . . . : 550,928 bytes
      Age  . . . . . . . : 0.1 days (2015-05-28 09:41:56)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : BCE0A49E22A2DBC5BE34A39FDE3806AB4A5C6F5D1BFC778DC5764BBC01C90AC2
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.SoftPulse.P
      Fuzzy  . . . . . . : 113.0
      Forensic Cluster
         -131.9s C:\Windows\Prefetch\CLICKONCE_BOOTSTRAP.EXE-E0B126E3.pf
         -128.6s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\
         -128.6s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\clickonce_bootstrap.exe.log
         -121.2s C:\Windows\WinSxS\Temp\InFlight\cbe3aedf6499d0018f00000020169017\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.2.9200.17297_none_ca2a11dd0cd2447c\devinv.dll
         -118.4s C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-138A0B78.pf
         -117.1s C:\Windows\Prefetch\GOOGLEUPDATE.EXE-9C8CF738.pf
         -95.5s C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C5475B42.pf
         -74.3s C:\Windows\WinSxS\Temp\InFlight\cbe3aedf6499d0018f00000020169017\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.2.9200.17297_none_ca2a11dd0cd2447c\aeinv.dll
         -69.1s C:\Windows\WinSxS\Temp\InFlight\cbe3aedf6499d0018f00000020169017\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.2.9200.17297_none_ca2a11dd0cd2447c\aepdu.dll
         -68.6s C:\ProgramData\BOINC\slots\1\fahv.x3MXD-B-AS_ZINC16293909_1_95268617_out.pdbqt
         -67.6s C:\ProgramData\BOINC\slots\1\fahv.x3MXD-B-AS_ZINC16293909_2_input.txt
         -66.6s C:\ProgramData\BOINC\slots\1\fahv.x3MXD-B-AS_ZINC16293909_2_1712899117_log.txt
         -61.2s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0c4ec40840ea16a1e2b57db26fa7edba_c2eb18e8-a707-49c2-be16-8ccf431d7109
         -46.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c097216aeda1f55509a0ab861a4924a8_c2eb18e8-a707-49c2-be16-8ccf431d7109
         -46.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d2fd27defea37ec4b59fe4f6791df1b_c2eb18e8-a707-49c2-be16-8ccf431d7109
         -46.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8137c325471b4381b3ef9a793793050c_c2eb18e8-a707-49c2-be16-8ccf431d7109
         -21.6s C:\Windows\Prefetch\FIREFOX.EXE-528BC649.pf
         -19.0s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\healthreport.sqlite-wal
         -19.0s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\healthreport.sqlite-shm
          0.0s C:\Users\kgave_000\Downloads\ChromeSetup(1).exe
          0.8s C:\Windows\Prefetch\DISMHOST.EXE-6FFF425B.pf
         12.8s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_22F4F1EB61E68CAF59BE26E97DD01E13
         12.8s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_22F4F1EB61E68CAF59BE26E97DD01E13
         17.6s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861
         17.6s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861
         17.9s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_BCD82115381B0E06DB56FB568B7E0AAC
         17.9s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_BCD82115381B0E06DB56FB568B7E0AAC
         18.3s C:\Windows\WinSxS\Temp\InFlight\cbe3aedf6499d0018f00000020169017\amd64_microsoft-windows-http_31bf3856ad364e35_6.2.9200.16556_none_05ad17d1a284fc38\http.sys
         31.7s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\752e2a1b3519661a8303509264881fcb_c2eb18e8-a707-49c2-be16-8ccf431d7109
         35.0s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\gmp-eme-adobe\9\eme-adobe.voucher
         35.0s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\gmp-eme-adobe\9\eme-adobe.info
         35.0s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\gmp-eme-adobe\9\eme-adobe.dll
         35.0s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\gmp-eme-adobe\9\
         35.0s C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\gmp-eme-adobe\
         61.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC570EC0DE58335AFAF92FDC8E3AA330_2480BD6C9A6442544C7A76730F0ED7CE
         61.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC570EC0DE58335AFAF92FDC8E3AA330_2480BD6C9A6442544C7A76730F0ED7CE
         61.3s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aaf3d3950a15f60f7f485b069e29d09c_c2eb18e8-a707-49c2-be16-8ccf431d7109
         62.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C437972632A488222EA069E1572887C7_E81144BDDDC27FF2BA4B139FD0BFC2A9
         62.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C437972632A488222EA069E1572887C7_E81144BDDDC27FF2BA4B139FD0BFC2A9
         62.7s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07a9ea0976ad938d856078186235498c_c2eb18e8-a707-49c2-be16-8ccf431d7109
         64.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC570EC0DE58335AFAF92FDC8E3AA330_3A19103BB32475275B90020DB5564F74
         64.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC570EC0DE58335AFAF92FDC8E3AA330_3A19103BB32475275B90020DB5564F74
         64.5s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5e87b9c17ccb92e55a5c1358b9582ed2_c2eb18e8-a707-49c2-be16-8ccf431d7109
         65.5s C:\Windows\Prefetch\WMIC.EXE-216D3361.pf
         65.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC570EC0DE58335AFAF92FDC8E3AA330_F38817DE8A99EEEC3AD2E6CFE6147F19
         65.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC570EC0DE58335AFAF92FDC8E3AA330_F38817DE8A99EEEC3AD2E6CFE6147F19
         66.3s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2d308b7f2e0ac5179f0b9a69be55e90_c2eb18e8-a707-49c2-be16-8ccf431d7109
         74.2s C:\Windows\Prefetch\SETUP.EXE-BC37C772.pf
         74.4s C:\AdwCleaner\Quarantine\C\Program Files (x86)\StormWatch\StormWatchappuninstall.exe.vir
         74.4s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\StormWatch\Uninstall StormWatch.lnk.vir
         75.2s C:\Windows\Prefetch\STORMWATCHSRV.EXE-3F78F29A.pf
         77.4s C:\Windows\Prefetch\STORMWATCHSETUP.EXE-6328CEAA.pf
         77.8s C:\AdwCleaner\Quarantine\C\Users\kgave_000\AppData\Local\StormWatch\StormWatchApp.dat.vir
         79.8s C:\AdwCleaner\Quarantine\C\Program Files (x86)\StormWatch\uninstall.exe.vir
         80.0s C:\AdwCleaner\Quarantine\C\Users\kgave_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch\StormWatch.lnk.vir
         80.0s C:\AdwCleaner\Quarantine\C\Users\kgave_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk.vir
         81.7s C:\Windows\WinSxS\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_10.0.9200.17296_none_5440d56f1513b0a2\urlmon.dll
         82.2s C:\Windows\Prefetch\SCHTASKS.EXE-0AD36442.pf
         83.8s C:\Windows\Prefetch\ONESYSTEMCARE.EXE-6294D512.pf
         84.4s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
         84.4s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
         84.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0
         84.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0
         85.0s C:\Windows\Prefetch\SETUP.EXE-26939C56.pf
         85.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F
         85.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F
         85.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_59C8F2AE57B8CA239753BF893FD2474B
         85.6s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_4517BB8BCBB4E8835735D26085BECE1A
         85.6s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_4517BB8BCBB4E8835735D26085BECE1A
         85.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_59C8F2AE57B8CA239753BF893FD2474B
         86.3s C:\Windows\Prefetch\STORMWATCHAPP.EXE-EE999F48.pf
         87.9s C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch\StormWatchSrv.dat.vir
         88.4s C:\Windows\Prefetch\STORMWATCH2_0.EXE-895E7612.pf
         89.5s C:\ProgramData\cxAKuEt\
         89.5s C:\ProgramData\cxAKuEt\info.dat
         89.5s C:\ProgramData\cxAKuEt\wJdOBsumMe.dat
         89.6s C:\ProgramData\cxAKuEt\wJdOBsumMe.exe
         89.6s C:\ProgramData\cxAKuEt\wJdOBsumMe.exe.config
         90.0s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0
         90.0s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0
         90.2s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_59C8F2AE57B8CA239753BF893FD2474B
         90.2s C:\Users\kgave_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_59C8F2AE57B8CA239753BF893FD2474B
         90.9s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\IEClearCache.exe.log
         90.9s C:\Windows\Prefetch\IECLEARCACHE.EXE-0C4E7FA9.pf
         91.7s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebShieldInstall.exe.log
         91.7s C:\Windows\Prefetch\WEBSHIELDINSTALL.EXE-C69103AA.pf
         91.9s C:\AdwCleaner\Quarantine\C\ProgramData\WebShield\app.dat.vir
         91.9s C:\Windows\Prefetch\ONESYSTEMCARE.EXE-2CCD2217.pf
         92.1s C:\AdwCleaner\Quarantine\C\ProgramData\WebShield\data.dat.vir
         92.7s C:\Users\kgave_000\AppData\Local\Packages\windows_ie_ac_001\AC\WebShield\
         92.7s C:\Users\kgave_000\AppData\Local\Packages\windows_ie_ac_001\AC\WebShield\data.dat
         92.8s C:\Windows\WinSxS\Temp\InFlight\cbe3aedf6499d0018f00000020169017\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_10.0.9200.17267_none_543dbdc915167e3e\urlmon.dll
         92.8s C:\Windows\Prefetch\SWUPDATERSVC.EXE-3FE52C5E.pf
         93.7s C:\Program Files (x86)\Google\Update\
         94.2s C:\Windows\Prefetch\PING.EXE-CF0A440C.pf
         94.3s C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
         94.7s C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
         94.7s C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
         96.1s C:\AdwCleaner\Quarantine\C\Users\kgave_000\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_usbt2h442ct3xjfow5su3qyydefw1pax\2.0.0.0\user.config.vir
         96.3s C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72.job
         98.5s C:\Windows\Prefetch\GAMES DESKTOP.EXE-20F5B97C.pf
         98.6s C:\Windows\Prefetch\GAMES DESKTOP.TMP-7A32B2F7.pf
         98.6s C:\Windows\Prefetch\STORMWATCH.EXE-7B995E9B.pf
         99.0s C:\Users\kgave_000\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
         99.4s C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72
         99.5s C:\ProgramData\BOINC\slots\1\fahv.x3MXD-B-AS_ZINC16293909_2_1712899117_out.pdbqt
         100.2s C:\ProgramData\BOINC\slots\1\fahv.x3MXD-B-AS_ZINC16293909_3_input.txt
         100.5s C:\Windows\Prefetch\WJDOBSUMME.EXE-F374C465.pf
         101.3s C:\ProgramData\BOINC\slots\1\fahv.x3MXD-B-AS_ZINC16293909_3_1657524677_log.txt
         101.7s C:\Windows\Prefetch\CHROMESETUP.EXE-D40011CB.pf
         103.5s C:\Windows\Prefetch\GOOGLEUPDATE.EXE-6C5735E6.pf
         103.6s C:\Windows\Prefetch\GOOGLEUPDATECOMREGISTERSHELL6-C0E9A0C4.pf
         103.9s C:\Windows\Prefetch\POWERSHELL.EXE-E69E0788.pf
         103.9s C:\Windows\Prefetch\CMD.EXE-2EB3E6E2.pf
         103.9s C:\Program Files (x86)\Google\Update\Download\
         108.1s C:\Windows\Prefetch\TASKKILL.EXE-3D8A2F61.pf
         111.7s C:\Windows\Prefetch\7ZA.EXE-318B6994.pf
         115.5s C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_624\gmsd_us_624.exe.vir
         115.5s C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_624\predm.exe.vir
         115.5s C:\AdwCleaner\Quarantine\C\Users\kgave_000\AppData\Local\gmsd_us_624\upgmsd_us_624.exe.vir
         115.5s C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_624\gamesdesktop_widget.exe.vir
         115.6s C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_624\unins000.dat.vir
         115.6s C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_624\unins000.exe.vir
         116.4s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP\GamesDesktop.lnk.vir
         116.5s C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_624\unins000.msg.vir
         117.7s C:\AdwCleaner\Quarantine\C\Users\kgave_000\AppData\Local\gmsd_us_624\upgmsd_us_624.cyl.vir
         118.4s C:\AdwCleaner\Quarantine\C\Users\kgave_000\AppData\Local\gmsd_us_624\gmsd_us_624\1.20\cnf.cyl.vir
         127.2s C:\Windows\Prefetch\TASKLIST.EXE-74FDEEA1.pf
         127.5s C:\Windows\Prefetch\UPGMSD_US_624.EXE-26CFCFB9.pf
         128.3s C:\Windows\Prefetch\GMSD_US_624.EXE-1431C8B5.pf
         136.5s C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\
         136.5s C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\43.0.2357.81\
         136.5s C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\43.0.2357.81\43.0.2357.81_chrome_installer.exe
         139.9s C:\Program Files (x86)\Google\Chrome\
         143.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrome.7z
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\VisualElements\
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Extensions\
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\
         146.5s C:\Windows\Prefetch\SETUP.EXE-35A07AD2.pf
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\natives_blob.bin
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\default_apps\
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\snapshot_blob.bin
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\default_apps\docs.crx
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\default_apps\drive.crx
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\default_apps\gmail.crx
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\default_apps\search.crx
         146.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\default_apps\youtube.crx
         146.6s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\icudtl.dat
         146.6s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome.dll
         147.5s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome_child.dll
         148.0s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome_elf.dll
         148.0s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome_watcher.dll
         148.0s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\d3dcompiler_47.dll
         148.1s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\ffmpegsumo.dll
         148.1s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
         148.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libexif.dll
         148.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
         148.7s C:\Windows\Prefetch\43.0.2357.81_CHROME_INSTALLER-17E23FA0.pf
         148.8s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\metro_driver.dll
         148.9s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
         149.0s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\widevinecdmadapter.dll
         149.0s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\xinput1_3.dll
         149.0s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\delegate_execute.exe
         149.1s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe
         149.1s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Extensions\external_extensions.json
         149.1s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\43.0.2357.81.manifest
         149.1s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\manifest.json
         149.1s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\default_apps\external_extensions.json
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\am.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ar.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\bg.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\bn.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ca.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl_irt_x86_32.nexe
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl_irt_x86_64.nexe
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\cs.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\da.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\de.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\el.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\en-GB.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\en-US.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\es-419.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\es.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\et.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome_100_percent.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome_200_percent.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\fa.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\fi.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\fil.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\fr.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\gu.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\he.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\hi.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\hr.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\hu.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\id.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\it.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ja.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\kn.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ko.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\lt.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\lv.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ml.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\mr.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ms.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\nb.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\nl.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\pl.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\pt-BR.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\pt-PT.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\resources.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ro.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ru.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\sk.pak
         149.2s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\sl.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\VisualElements\logo.png
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\VisualElements\smalllogo.png
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\VisualElements\splash-620x300.png
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\sr.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\sv.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\sw.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\ta.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\te.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\th.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\tr.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\uk.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\vi.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\zh-CN.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Locales\zh-TW.pak
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\secondarytile.png
         149.3s C:\Program Files (x86)\Google\Chrome\Application\VisualElementsManifest.xml
         149.3s C:\Program Files (x86)\Google\Chrome\Application\
         149.3s C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\setup.exe
         149.3s C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
         149.4s C:\Program Files (x86)\Google\Chrome\Application\master_preferences
         149.4s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\
         149.4s C:\Users\kgave_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
         149.4s C:\Users\Public\Desktop\Google Chrome.lnk
         149.5s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
         149.7s C:\Users\kgave_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
         152.6s C:\Windows\Prefetch\GOOGLEUPDATEONDEMAND.EXE-0C1C5DB4.pf
         155.1s C:\ProgramData\cxAKuEt\dat\
         157.2s C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Cache\
         159.6s C:\Windows\Prefetch\OPENWITH.EXE-BA0DC300.pf
         163.8s C:\Users\kgave_000\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\PQOswBXEuy.exe.log
         164.4s C:\Windows\Prefetch\PQOSWBXEUY.EXE-E7CEA000.pf

   C:\Users\kgave_000\Downloads\Fun_Games.exe -> Deleted
      Size . . . . . . . : 1,255,600 bytes
      Age  . . . . . . . : 261.5 days (2014-09-08 22:54:43)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : C695F1445C5B3F4227B54288A72ECF31C1035CE1B6B117EF8B55415668DCF6D1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Bundler.SoftPulse.8
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.SoftPulse.p
      Fuzzy  . . . . . . : 107.0


Suspicious files ____________________________________________________________

   C:\Users\kgave_000\Desktop\FRST.exe
      Size . . . . . . . : 1,115,648 bytes
      Age  . . . . . . . : 134.9 days (2015-01-13 12:13:46)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FAF5179C2772F9F1CD61CF2E85BDCA567B5C776C404D0EFF5B1A0EEB82B71411
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\windows\mod_frst.exe
      Size . . . . . . . : 430,080 bytes
      Age  . . . . . . . : 139.5 days (2015-01-08 23:57:36)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 1A4F003A36F73127419BE7611A2C5664524EF0D5668AB2993D5D483DCF3491F2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\ConsumerInputUpdate.exe\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\ConsumerInput.OneClickProcessLauncherMachine.1.0\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\ConsumerInput.OneClickProcessLauncherMachine\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\ConsumerInputUpdate.exe\ (ConsumerInput) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}\ (ConsumerInput) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}\ (ConsumerInput) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{65BF611F-85CD-4E7F-966C-853573462C14}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{87A125E5-B663-496F-954E-488A82FAC012}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8AF9C44C-E497-4776-A7EF-F6455F982825}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9147B929-DCC3-4187-B1BE-5B12DDAB7D20}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{95C8DE84-989C-4235-A5B1-84E8B6A4384A}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\ (PCOptimizerPro) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D8F06F2A-FDCE-4F12-8D2A-7A97A752CF1A}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{268205B6-13E6-4FA2-A1EF-84E4E59F3F1B}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2A142934-F3E4-4D68-A360-3FE35783E849}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{37EB1FA3-2181-4EED-8C9F-363068501901}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{41E3E6E6-3E50-4F6E-A1F8-1E24440BC6F8}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4F3440C0-EB6A-46F2-94D8-2D74A0D21C5D}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{52C0A3BA-1DE8-477D-91F4-F82D3824C304}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{55D12CB4-DA12-43D6-8100-90174ABBB84F}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{58AC6DE8-F15B-4C6A-91D7-B8FA6A2F4169}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{592DA852-5C4E-49F8-88BC-EA0A893180C6}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5A43377F-504A-4FC4-8575-9C98997788BF}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5E8F3A92-7544-482D-9D34-FFD702697D16}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7096D298-02B5-4AE9-94E1-C16E27553D17}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{837641EA-9158-43EE-B2A1-9CEDC5CBD98F}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{977ED000-4ECA-454D-AEA2-11824E57A043}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{AC992757-3DEC-43C4-8D9D-AA82F8A857E4}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C59D48E5-082B-4BB6-9838-BA261C4FBD5C}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CB21D37D-1DD1-444A-AB6A-AE623DF7B4E4}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CCE83B2E-3794-41FC-8179-46BFEA22148A}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3B8A2CD-70B5-49A4-BFD6-0180BE487A4C}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FA326D8A-B632-4BCE-858E-12271ABAF613}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FB3B0E75-E48E-47C4-BA52-57B7F6E38510}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FFA4D25D-8411-40F8-919D-3C4CD94FBD29}\ (ConsumerInput) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}\ (ConsumerInput) -> Deleted
   HKU\S-1-5-21-314854818-391394627-198496169-1002\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}\ (ConsumerInput) -> Deleted
   HKU\S-1-5-21-314854818-391394627-198496169-1002\Software\Classes\Wow6432Node\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}\ (ConsumerInput) -> Deleted
   HKU\S-1-5-21-314854818-391394627-198496169-1002\Software\ConsumerInput\ (ConsumerInput) -> Deleted
   HKU\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
   HKU\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted
   HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}\ (ConsumerInput) -> PendingDelete
   HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\Wow6432Node\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}\ (ConsumerInput) -> PendingDelete

Cookies _____________________________________________________________________

   C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net

I have another thread going (prework) about my other computer... should I download Reason Core to it as well?

Somehow missed doing this one...

RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : kgave_000 [Administrator]
Started from : C:\Users\kgave_000\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 05/30/2015 04:25:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.dell.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.dell.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] $McRebootA5E6DEAA56$.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [LNK@] C:\Windows\System32\cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk" -> Deleted

¤¤¤ Hosts File : 35 ¤¤¤
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 media.opencandy.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 api.opencandy.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] 205c2167109ad866a9683059cdc6e6d5
[BSP] 4c044e36c61bcb814ca369b167b49c8a : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 2048 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 4196352 | Size: 500 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 5220352 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 5482496 | Size: 1897237 MB
4 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 3891023872 | Size: 7814 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05302015_035535.log
 

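A note on the "Hosts File : 35" section of the RogueKiller report above: apart from the default 127.0.0.1 localhost line, every entry maps a name to 0.0.0.0, which is the shape of a blocklist rather than of a hijack. RogueKiller lists them because anything beyond the default line is non-standard, but the entries that need action in a hosts file are redirects, where a real domain is pointed at an address that is neither 0.0.0.0 nor loopback. The following is an added example, not RogueKiller's code and not part of any post in this thread: it reads both the report's bracket-prefixed lines and bare hosts lines and sorts each entry into default, sinkhole or redirect. The sample input is constructed; the 203.0.113.x addresses and .test names are reserved documentation values, and the LOCAL_NAMES set and the verdict labels are this example's own choices.

```python
"""Read hosts-file entries the way a reviewer reads RogueKiller's "Hosts File" section.

Added example, not RogueKiller's code. Accepts the report's "[C:\...\hosts] <entry>"
lines as well as bare hosts-file lines and sorts each entry into: default (loopback in
front of localhost names), sinkhole (0.0.0.0 or loopback in front of other names: the
shape of an ad/bundler blocklist) or redirect (any other address: the hijack shape, a
name pointed at someone else's server). SAMPLE is constructed; 203.0.113.0/24 is a
documentation range and .test names are reserved.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# RogueKiller prefixes each line with the file path in brackets; bare lines have none.
RK_PREFIX = re.compile(r"^\[[^\]]*\\hosts\]\s*", re.IGNORECASE)
# Names a stock hosts file maps to loopback (assumed set for this example).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost", "ip6-loopback"}


@dataclass
class HostsEntry:
    address: str
    names: List[str]
    verdict: str   # default, sinkhole, redirect, malformed
    raw: str


def parse_hosts_line(line: str) -> Optional[HostsEntry]:
    """Classify one line; comment-only and blank lines return None."""
    raw = line.rstrip()
    body = RK_PREFIX.sub("", raw).split("#", 1)[0].strip()   # drop report prefix and comment
    if not body:
        return None
    fields = body.split()
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return HostsEntry(fields[0], fields[1:], "malformed", raw)
    names = [n.lower() for n in fields[1:]]
    if addr.is_loopback and names and all(n in LOCAL_NAMES for n in names):
        verdict = "default"
    elif addr.is_unspecified or addr.is_loopback:
        verdict = "sinkhole"   # resolution is blocked: blocklist behaviour, not a hijack
    else:
        verdict = "redirect"   # traffic for these names goes elsewhere: act on these
    return HostsEntry(str(addr), names, verdict, raw)


def review_hosts(lines) -> List[HostsEntry]:
    return [e for e in map(parse_hosts_line, lines) if e is not None]


def redirects(entries: List[HostsEntry]) -> List[HostsEntry]:
    return [e for e in entries if e.verdict == "redirect"]


def summary(entries: List[HostsEntry]) -> Dict[str, int]:
    return dict(Counter(e.verdict for e in entries))


# Constructed sample: the bracketed lines mimic RogueKiller's report format, the last
# line is a bare hosts-file line. The two redirect entries are hypothetical hijacks.
SAMPLE = r"""
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\Drivers\etc\hosts] ::1 localhost
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\Windows\System32\Drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 installer.betterinstaller.com
[C:\Windows\System32\Drivers\etc\hosts] 203.0.113.7 www.example-bank.test update.antivirus.test
# bare line, as read from C:\Windows\System32\drivers\etc\hosts directly
203.0.113.9 downloads.vendor.test
"""

if __name__ == "__main__":
    entries = review_hosts(SAMPLE.splitlines())
    print(summary(entries))
    for e in redirects(entries):
        print("REDIRECT", e.address, "->", ", ".join(e.names))
```

Run against the sample, the summary comes back as two default lines, four sinkholes and two redirects; only the redirects are worth a removal step. A long run of 0.0.0.0 sinkholes, like the 34 adware and bundler domains in the report above, is the footprint of a blocklist and is harmless on its own, though a reviewer may still want to know which program wrote it.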

Pancake

To Protect and Serve
Moderator
iHF Master Craftsman
Security Advisor
#13
I will bow out and let Mal continue with the cleanup. :mrgreen:
 

Malnutrition

Still Hungry
iHF Master Craftsman
#13
Can you please post a new FRST log after you have run a full scan with Reason Core Security and 9-Lab and removed all threats found from each? When you re-run FRST, make sure to tick Addition.txt.

Also disable useless startup items with CCleaner; you have it installed.



Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.



Now that you have disabled those un-needed startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:
  • Hit Options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.




Now go to the Advanced tab and select "Close program after cleaning", then run the cleaner again; this will close CCleaner.



Reboot your machine and then follow the instructions below.


9-Lab Scan

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running the 32-bit or 64-bit version of Windows.

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.



Now go to the Scanner tab and select Full Scan.



Upon scan completion, click Show Results.



Now click the Clean button.



Once done cleaning, you can go to the Logs tab, double-click the log, and copy and paste it in your next reply.
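Malnutrition's post asks for a fresh FRST log and for the startup items to be thinned down to the antivirus. Reading the Run, Services and Drivers sections of an FRST log by eye is slow, so here is an added example (not FRST's code, and not part of the original post) that parses those line shapes and lists the entries a reviewer would check first: no publisher in the parentheses, FRST's own "[File not signed]" tag, an image under AppData, ProgramData, Public, Temp or Downloads, or a payload handed to rundll32.exe and similar signed proxy binaries. The sample lines are constructed in FRST's format (the "Updater" entry, the SID and the user name are made up), and the flag names and heuristics are this example's assumptions, not verdicts FRST makes.

```python
"""Triage autostart entries from a Farbar Recovery Scan Tool (FRST) log.
Added example, not FRST's code. It parses the Run-key, service/driver and
ShortcutTarget line shapes FRST writes and flags entries a reviewer would open
first. SAMPLE_LOG is constructed in FRST's format; the flags are this example's
own heuristics ("check this"), not verdicts FRST makes.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HKLM\...\Run: [Name] => <command> [size date] (Publisher)
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
# R2 Name; <image> [size date] (Publisher) [File not signed]   (services and drivers)
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<rest>.+)$")
# ShortcutTarget: file.lnk -> <image> (Publisher)   (the Startup: line only names the .lnk)
TARGET_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<rest>.+)$")
# Trailing "[size date] (Publisher) [flag]" decoration; the $ anchor keeps "(x86)" in the path.
META_RE = re.compile(
    r"^(?P<path>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<pub>[^)]*)\))?(?P<flags>(?: \[[^\]]+\])*)$"
)
IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)
# Folders a standard user can write to: persistence there deserves a look, malicious or not.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|users\\public|temp|downloads)\\", re.IGNORECASE)
# Signed Windows binaries that run whatever is passed on their command line.
PROXY_BINARIES = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "powershell.exe"}


@dataclass
class Entry:
    kind: str                 # run-key, startup-folder, service, driver
    name: str
    image: str                # executable the entry launches (best effort)
    command: str              # full target including any arguments
    publisher: Optional[str]  # None: FRST printed no "(...)"; "": it printed "()"
    flags: List[str] = field(default_factory=list)


def _entry(kind: str, name: str, rest: str) -> Entry:
    """Split FRST's trailing metadata off a target and build an Entry."""
    m = META_RE.match(rest)
    path = m.group("path")
    img = IMAGE_RE.match(path)
    entry = Entry(kind, name, img.group("image") if img else path, path, m.group("pub"))
    if "[File not signed]" in m.group("flags"):
        entry.flags.append("unsigned")
    return entry


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a Run, service/driver or ShortcutTarget line, else None."""
    line = line.rstrip()
    if m := RUN_RE.match(line):
        return _entry("run-key", m.group("name"), m.group("rest"))
    if m := SVC_RE.match(line):
        entry = _entry("service", m.group("name"), m.group("rest"))
        if entry.image.lower().endswith(".sys"):
            entry.kind = "driver"
        return entry
    if m := TARGET_RE.match(line):
        return _entry("startup-folder", m.group("lnk"), m.group("rest"))
    return None


def review(entry: Entry) -> Entry:
    """Attach review reasons; a flag means 'check this', not 'malicious'."""
    if not entry.publisher:
        entry.flags.append("no publisher")
    if USER_WRITABLE.search(entry.image):
        entry.flags.append("user-writable location")
    exe = entry.image.rsplit("\\", 1)[-1].lower()
    if exe in PROXY_BINARIES and entry.command.strip() != entry.image:
        entry.flags.append(f"payload launched through {exe}")
    return entry


def triage(lines) -> List[Entry]:
    return [review(e) for e in map(parse_line, lines) if e is not None]


def needs_review(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


# Constructed sample in FRST's line format. "Updater" is a hypothetical entry showing the
# AppData-plus-no-publisher pattern; the SID and user name are made up.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549648 2012-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Run: [Updater] => C:\Users\alice\AppData\Roaming\updsvc\upd.exe [204800 2015-05-29] ()
Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\alice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-28] (Avast Software s.r.o.)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
"""

if __name__ == "__main__":
    for e in needs_review(triage(SAMPLE_LOG.splitlines())):
        print(f"{e.kind:14} {e.name:28} {', '.join(e.flags):45} {e.command}")
```

A flag is a reason to look, not a verdict: a Dropbox shortcut living in AppData and a vendor service whose binary carries no embedded publisher both trip these checks and are normal. What the heuristics do is order the reviewer's attention, and the antivirus entries, which carry a publisher and a Program Files path, come out clean and are left alone, which matches the advice above to keep the antivirus running at startup.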
 

Malnutrition

Still Hungry
iHF Master Craftsman
#14
Run a full scan with Zemana AntiMalware.
http://www.zemana.us/product/zemana-antimalware/default.aspx
Install and select Deep Scan.

Remove any infections found.
Then click on the icon in the pic below.

Double-click on the scan log, and copy and paste it here in your reply.

Download and save ZHPCleaner to your desktop.
http://www.nicolascoolman.fr/download/zhpcleaner-2/
Right-click and run as administrator.
Click on the Repair button.
At the end of the process you will be asked to reboot your machine.
After you reboot, a report will open on your desktop.
Copy and paste the report here in your next reply.
 

Cristoff

Active Member
iHF Regular
WCG Team Member
#15
Thank you so much... here are the new logs. I have a question about the startup task you asked me to do. Do I stop everything (except the antivirus) on all the tabs, i.e. Explorer, Firefox, Google, etc.? I have left the BOINC manager and tray running as I like to have those on at all times (I think) so that I am always computing for the team.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by kgave_000 (administrator) on WINDOWS-K3T24CV on 31-05-2015 06:13:22
Running from C:\Users\kgave_000\Downloads
Loaded Profiles: kgave_000 (Available Profiles: kgave_000)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\node.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.5.0.48\ma\bin\pcTrayApp.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_oet1_vina_7.19_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_ugm1_7.28_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549648 2012-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.5.0.48\ma\bin\pcTrayApp.exe [2886144 2015-01-22] (Alcatel-Lucent)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [68928 2015-03-09] (Space Sciences Laboratory)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [76912 2012-07-13] (cyberlink)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [GestureDemo] => C:\Program Files (x86)\DELL\Dell TP713 Gesture Demo\StringResources.exe [471552 2012-09-20] (DELL)
HKLM-x32\...\Run: [Dell TP713 Wireless Touchpad Agent] => C:\Program Files (x86)\DELL\Dell TP713 Wireless TouchPad Agent\Dell TP713 Wireless Touchpad Agent.exe [117760 2012-09-26] (Dell)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-28] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8926016 2015-03-09] (Space Sciences Laboratory)
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\MountPoints2: {175bb8eb-c476-11e4-bf86-9c2a7073f7ae} - "G:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-314854818-391394627-198496169-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> (None)
Startup: C:\Users\kgave_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-314854818-391394627-198496169-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-314854818-391394627-198496169-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-28] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2014-08-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-28] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2014-08-08] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll [2014-12-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-08-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2014-08-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [2015-01-22] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.1 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-08-27] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\kgave_000\AppData\Roaming\Mozilla\Firefox\Profiles\he72s3jb.default\searchplugins\yahoo-avast.xml [2015-01-06]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-05-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-23]

Chrome:
=======
CHR Profile: C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (WOT) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-09]
CHR Extension: (YouTube) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Adblock Plus) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-09]
CHR Extension: (Google Search) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Bookmark Manager) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Avast Online Security) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Gmail) - C:\Users\kgave_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [kofilaoejfjbjfopdnckahcidedndnln] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\MAHostService.exe [321024 2015-01-22] (Alcatel-Lucent) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-28] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-28] (Avast Software s.r.o.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2014-09-10] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2014-09-10] (Alcatel-Lucent) [File not signed]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2676736 2014-11-06] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [164600 2015-05-30] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81168 2015-05-17] (Reason Software Company Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1919336 2012-08-06] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-28] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-28] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-28] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-28] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-11-17] (Glarysoft Ltd)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 FintekCIR; C:\Windows\System32\drivers\FintekCIR.sys [33128 2012-06-07] (Fintek)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-05-28] ()
R3 L1C; C:\Windows\system32\DRIVERS\L1C60x64.sys [106096 2011-11-15] (Atheros Communications, Inc.)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-08] (Atheros)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-08-08] (Qualcomm Atheros Communications Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-05-28] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 02:00 - 2015-05-31 02:00 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\CrashDumps
2015-05-30 08:30 - 2015-05-30 22:31 - 00039561 _____ () C:\windows\WindowsUpdate.log
2015-05-30 04:27 - 2015-05-30 04:27 - 00006883 _____ () C:\Users\kgave_000\Desktop\RKreport_DEL_05302015_042530.log
2015-05-30 03:41 - 2015-05-30 04:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-30 03:41 - 2015-05-30 03:41 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-05-30 03:40 - 2015-05-30 03:40 - 20781656 _____ () C:\Users\kgave_000\Downloads\RogueKillerX64.exe
2015-05-30 02:22 - 2015-05-30 02:22 - 00000000 ____D () C:\ProgramData\Reason
2015-05-30 02:21 - 2015-05-30 02:21 - 00003556 _____ () C:\windows\System32\Tasks\ReasonSecurityScheduledScan
2015-05-30 02:21 - 2015-05-30 02:21 - 00003456 _____ () C:\windows\System32\Tasks\ReasonSecurityStart
2015-05-30 02:21 - 2015-05-30 02:21 - 00000873 _____ () C:\Users\Public\Desktop\Reason Core Security.lnk
2015-05-30 02:21 - 2015-05-30 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-05-30 02:21 - 2015-05-30 02:21 - 00000000 ____D () C:\Program Files\Reason
2015-05-30 02:20 - 2015-05-30 02:20 - 04151848 _____ (Reason Software Company Inc.) C:\Users\kgave_000\Downloads\reason-core-security-setup.exe
2015-05-30 02:09 - 2015-05-30 02:09 - 00001815 _____ () C:\Users\kgave_000\Desktop\esetthreatlist.txt
2015-05-29 22:36 - 2015-05-29 22:36 - 02347384 _____ (ESET) C:\Users\kgave_000\Desktop\esetsmartinstaller_enu.exe
2015-05-29 22:18 - 2015-05-29 22:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-28 16:21 - 2015-05-28 16:21 - 00001244 _____ () C:\Users\kgave_000\Desktop\malwarebytes.txt
2015-05-28 15:45 - 2015-05-28 15:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\kgave_000\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-28 15:23 - 2015-05-28 15:23 - 00002059 _____ () C:\Users\kgave_000\Desktop\aswMBR.txt
2015-05-28 15:23 - 2015-05-28 15:23 - 00000512 _____ () C:\Users\kgave_000\Desktop\MBR.dat
2015-05-28 14:41 - 2015-05-28 14:43 - 05198336 _____ (AVAST Software) C:\Users\kgave_000\Downloads\aswMBR (1).exe
2015-05-28 14:38 - 2015-05-28 14:38 - 00140582 _____ () C:\Users\kgave_000\Desktop\OTL.Txt
2015-05-28 14:38 - 2015-05-28 14:38 - 00049342 _____ () C:\Users\kgave_000\Desktop\Extras.Txt
2015-05-28 14:28 - 2015-05-28 14:28 - 00140582 _____ () C:\Users\kgave_000\Downloads\OTL.Txt
2015-05-28 14:28 - 2015-05-28 14:28 - 00049342 _____ () C:\Users\kgave_000\Downloads\Extras.Txt
2015-05-28 14:22 - 2015-05-28 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\kgave_000\Downloads\OTL (1).exe
2015-05-28 12:48 - 2015-05-28 12:48 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\Adobe
2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\VDLL.DLL
2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\SysWOW64\runouce.exe
2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\rundll16.exe
2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\RUNDL132.EXE
2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\logo1_.exe
2015-05-28 12:42 - 2015-05-28 12:42 - 00000000 ____D () C:\windows\logo_1.exe
2015-05-28 12:33 - 2015-05-28 12:42 - 00000056 _____ () C:\windows\Lic.xxx
2015-05-28 12:33 - 2015-05-28 12:33 - 00655872 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr90.dll
2015-05-28 12:33 - 2015-05-28 12:33 - 00632064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr80.dll
2015-05-28 12:33 - 2015-05-28 12:33 - 00572928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp90.dll
2015-05-28 12:33 - 2015-05-28 12:33 - 00554240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp80.dll
2015-05-28 12:33 - 2015-05-28 12:33 - 00350160 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-05-28 12:33 - 2015-05-28 12:33 - 00156392 _____ (MicroWorld Technologies Inc.) C:\windows\SysWOW64\eEmpty.exe
2015-05-28 12:33 - 2015-05-28 12:33 - 00001042 _____ () C:\Users\kgave_000\Desktop\MWAVSCAN.lnk
2015-05-28 12:33 - 2015-05-28 12:33 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-05-28 12:28 - 2015-05-28 12:31 - 158158304 _____ () C:\Users\kgave_000\Downloads\mwav.exe
2015-05-28 12:26 - 2015-05-28 12:26 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
2015-05-28 12:26 - 2015-05-28 12:26 - 00000000 ____D () C:\Program Files\BOINC
2015-05-28 12:21 - 2015-05-28 12:22 - 95669512 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\kgave_000\Downloads\boinc_7.4.42_windows_x86_64_vbox.exe
2015-05-28 12:12 - 2015-05-28 12:12 - 00040980 _____ () C:\Users\kgave_000\Desktop\FRST.txt
2015-05-28 12:12 - 2015-05-28 12:12 - 00033903 _____ () C:\Users\kgave_000\Desktop\Addition.txt
2015-05-28 12:11 - 2015-05-28 12:11 - 00033903 _____ () C:\Users\kgave_000\Downloads\Addition.txt
2015-05-28 12:10 - 2015-05-31 06:13 - 00020514 _____ () C:\Users\kgave_000\Downloads\FRST.txt
2015-05-28 12:10 - 2015-05-31 06:13 - 00000000 ____D () C:\FRST
2015-05-28 12:09 - 2015-05-28 12:09 - 02108928 _____ (Farbar) C:\Users\kgave_000\Downloads\FRST64.exe
2015-05-28 12:08 - 2015-05-28 12:08 - 00000000 _____ () C:\windows\system32\reg.txt
2015-05-28 12:01 - 2015-05-28 12:01 - 00278831 _____ () C:\Users\kgave_000\Downloads\wireless (1).exe
2015-05-28 11:58 - 2015-05-28 12:03 - 00036657 _____ () C:\windows\SysWOW64\reg.txt
2015-05-28 11:57 - 2015-05-28 11:57 - 00278831 _____ () C:\Users\kgave_000\Downloads\wireless.exe
2015-05-28 11:57 - 2015-05-28 11:57 - 00023793 _____ () C:\Users\kgave_000\Downloads\reg.txt
2015-05-28 11:55 - 2015-05-28 11:55 - 00009513 _____ () C:\Users\kgave_000\Desktop\zoek-results.txt
2015-05-28 11:55 - 2015-05-28 11:55 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\PCHC
2015-05-28 11:33 - 2015-05-28 11:18 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-05-28 11:20 - 2015-01-10 01:19 - 00008294 _____ () C:\zoek-results2015-01-10-081939.log
2015-05-28 11:10 - 2015-05-28 11:10 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-05-28 11:10 - 2015-05-28 11:10 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-05-28 11:10 - 2015-05-28 11:10 - 00001884 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-05-28 11:09 - 2015-05-28 11:09 - 00449896 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-05-28 11:06 - 2015-05-28 11:06 - 01308672 _____ () C:\Users\kgave_000\Downloads\zoek.exe
2015-05-28 11:03 - 2015-05-28 11:03 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-05-28 11:02 - 2015-05-28 11:02 - 00118470 _____ () C:\Users\kgave_000\Desktop\HitmanPro_20150528_1102.log
2015-05-28 11:02 - 2015-05-28 11:02 - 00012196 _____ () C:\windows\system32\.crusader
2015-05-28 10:54 - 2015-05-28 11:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-28 10:53 - 2015-05-28 10:54 - 11024496 _____ (SurfRight B.V.) C:\Users\kgave_000\Downloads\HitmanPro_x64.exe
2015-05-28 10:40 - 2015-05-29 23:52 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-28 10:40 - 2015-05-28 10:40 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2015-05-28 10:38 - 2015-05-28 10:38 - 02947193 _____ (Thisisu) C:\Users\kgave_000\Downloads\JRT (1).exe
2015-05-28 10:38 - 2015-05-28 10:38 - 00753184 _____ () C:\Users\kgave_000\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-05-28 10:35 - 2015-05-28 10:35 - 00001463 _____ () C:\Users\kgave_000\Desktop\JRT.txt
2015-05-28 10:31 - 2015-05-28 10:31 - 00000207 _____ () C:\windows\tweaking.com-regbackup-WINDOWS-K3T24CV-Windows-8-(64-bit).dat
2015-05-28 10:31 - 2015-05-28 10:31 - 00000000 ____D () C:\RegBackup
2015-05-28 10:30 - 2015-05-28 10:30 - 00001061 _____ () C:\Users\kgave_000\Desktop\JRT - Shortcut.lnk
2015-05-28 10:29 - 2015-05-28 10:29 - 02947193 _____ (Thisisu) C:\Users\kgave_000\Downloads\JRT.exe
2015-05-28 09:53 - 2015-05-28 10:05 - 00000000 ____D () C:\AdwCleaner
2015-05-28 09:53 - 2015-05-28 09:53 - 02223104 _____ () C:\Users\kgave_000\Downloads\adwcleaner_4.205.exe
2015-05-28 09:50 - 2015-05-28 09:50 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4
2015-05-28 09:50 - 2015-05-28 09:50 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4.job
2015-05-28 09:48 - 2015-05-28 09:48 - 00002718 _____ () C:\Users\kgave_000\Downloads\software_removal_tool.log
2015-05-28 09:48 - 2015-05-28 09:48 - 00000198 _____ () C:\Users\kgave_000\Downloads\debug.log
2015-05-28 09:44 - 2015-05-28 09:44 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 09:44 - 2015-05-28 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 09:43 - 2015-05-28 09:50 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72
2015-05-28 09:43 - 2015-05-28 09:50 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72.job
2015-05-28 09:43 - 2015-05-28 09:43 - 00003672 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-28 09:43 - 2015-05-28 09:43 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 09:38 - 2015-05-28 09:40 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\Deployment
2015-05-28 09:38 - 2015-05-28 09:38 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\Apps\2.0
2015-05-28 08:47 - 2015-05-28 08:47 - 07528072 _____ (Auslogics Labs Pty Ltd ) C:\Users\kgave_000\Downloads\registry-defrag-setup.exe
2015-05-28 08:38 - 2015-05-28 08:39 - 00000000 ____D () C:\ProgramData\Auslogics
2015-05-28 08:37 - 2015-05-28 08:37 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\kgave_000\Downloads\disk-defrag-setup.exe
2015-05-28 08:18 - 2015-05-28 08:18 - 00050688 _____ (Atribune.org) C:\Users\kgave_000\Downloads\ATF-Cleaner.exe
2015-05-27 14:52 - 2015-05-27 14:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 19:45 - 2015-05-18 19:45 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\Motive
2015-05-15 18:24 - 2015-05-15 18:24 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d08f7718835286
2015-05-13 09:57 - 2015-05-13 09:57 - 00006190 _____ () C:\Users\kgave_000\Desktop\dispatch status.html
2015-05-13 09:16 - 2015-05-29 22:29 - 00000000 ____D () C:\Program Files (x86)\ATTSplusPCMT
2015-05-13 09:16 - 2015-05-13 09:16 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\ATTSplus
2015-05-13 09:16 - 2015-05-13 09:16 - 00000000 ____D () C:\Users\kgave_000\AppData\Local\III
2015-05-13 09:08 - 2015-05-30 03:02 - 00000000 ____D () C:\Program Files (x86)\ATT
2015-05-13 09:08 - 2015-05-13 09:08 - 00002655 _____ () C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve.lnk
2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\ProgramData\Motive
2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATT
2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\Program Files\Common Files\Motive
2015-05-13 09:08 - 2015-05-13 09:08 - 00000000 ____D () C:\Program Files\ATT
2015-05-13 09:07 - 2015-05-13 09:07 - 00094000 _____ () C:\Users\kgave_000\Downloads\windows__6a86f0e1-d44a-434c-a5d5-77476500da78__.exe
2015-05-13 06:41 - 2015-04-30 06:07 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:41 - 2015-04-30 06:07 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 14374400 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 05:12 - 2015-04-21 07:33 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 05:12 - 2015-04-21 07:32 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 05:12 - 2015-04-21 06:53 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 05:12 - 2015-04-21 06:53 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 05:12 - 2015-04-21 06:53 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 05:12 - 2015-04-21 06:52 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 05:12 - 2015-04-21 06:52 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 05:12 - 2015-04-17 19:37 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 05:12 - 2015-04-17 19:34 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 05:12 - 2015-04-12 22:32 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 05:12 - 2015-04-12 22:30 - 01839616 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 05:12 - 2015-04-12 22:30 - 01280512 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 05:12 - 2015-04-12 21:05 - 01416192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 05:12 - 2015-04-12 20:25 - 04063744 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 05:12 - 2015-03-13 17:55 - 00410017 _____ () C:\windows\system32\ApnDatabase.xml
2015-05-13 05:12 - 2015-03-11 22:31 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 05:12 - 2015-03-11 22:31 - 01688576 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2015-05-13 05:12 - 2015-03-11 22:31 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\WPDShServiceObj.dll
2015-05-13 05:12 - 2015-03-11 20:52 - 01933312 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-13 05:12 - 2015-03-03 23:41 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 05:12 - 2015-03-03 23:39 - 00632832 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 05:12 - 2015-03-03 23:39 - 00204288 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 05:12 - 2015-03-03 21:53 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-13 05:12 - 2015-03-03 21:52 - 00676864 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-13 05:12 - 2015-02-18 00:39 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-13 05:12 - 2015-02-18 00:38 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2015-05-13 05:11 - 2015-05-01 23:28 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 05:11 - 2015-05-01 20:59 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-13 05:11 - 2015-05-01 20:36 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 05:11 - 2015-04-13 15:09 - 00570248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-13 05:11 - 2015-04-05 22:36 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
2015-05-13 05:11 - 2015-04-05 21:08 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 06:13 - 2013-08-28 14:04 - 00000000 ____D () C:\ProgramData\BOINC
2015-05-31 06:02 - 2014-05-29 09:34 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 06:02 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2015-05-30 03:36 - 2013-06-17 19:37 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-30 03:06 - 2012-07-26 00:28 - 00021946 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-30 03:02 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-30 03:01 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Registration
2015-05-30 03:01 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-05-30 02:51 - 2013-11-23 00:45 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-05-30 02:51 - 2013-11-18 00:13 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\GlarySoft
2015-05-28 17:10 - 2015-03-26 08:37 - 00318544 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-28 15:47 - 2014-05-29 09:34 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-28 15:47 - 2014-05-29 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-28 15:47 - 2014-05-29 09:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-28 12:34 - 2012-07-25 22:26 - 00000643 _____ () C:\windows\win.ini
2015-05-28 12:25 - 2013-08-28 14:03 - 00000000 ____D () C:\windows\Downloaded Installations
2015-05-28 11:55 - 2015-01-10 00:47 - 00009513 _____ () C:\zoek-results.log
2015-05-28 11:32 - 2015-01-10 00:46 - 00000000 ____D () C:\zoek_backup
2015-05-28 11:10 - 2014-05-01 11:03 - 00029168 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-05-28 11:10 - 2013-12-19 06:48 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-05-28 11:10 - 2013-10-23 22:56 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-05-28 11:10 - 2013-10-23 22:56 - 00272248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-05-28 11:10 - 2013-10-23 22:56 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-05-28 11:10 - 2013-10-23 22:56 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-05-28 11:10 - 2013-10-23 22:56 - 00065736 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-05-28 11:10 - 2013-10-23 22:56 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-05-28 11:09 - 2013-10-23 22:56 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-05-28 11:09 - 2013-10-23 22:56 - 00028144 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswKbd.sys
2015-05-28 10:06 - 2012-07-25 22:26 - 00002375 _____ () C:\windows\system32\Drivers\etc\hosts.old
2015-05-28 09:52 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2015-05-28 09:44 - 2013-10-23 22:56 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 08:56 - 2013-08-05 11:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-28 08:55 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-28 08:55 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\setup
2015-05-28 08:55 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-05-28 08:54 - 2013-08-05 11:51 - 00000000 ____D () C:\Users\kgave_000
2015-05-28 08:14 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2015-05-15 18:24 - 2015-02-04 13:13 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d040b77a9c157
2015-05-14 22:20 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2015-05-14 09:02 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:02 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-13 15:05 - 2014-03-19 15:33 - 00000000 ____D () C:\Users\kgave_000\AppData\Roaming\.minecraft
2015-05-13 06:58 - 2013-08-14 07:26 - 00000000 ____D () C:\windows\system32\MRT
2015-05-13 06:56 - 2013-08-06 17:39 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-05 10:49 - 2014-12-26 10:09 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 10:49 - 2014-12-26 10:09 - 00177632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-06-17 19:32 - 2013-06-17 19:33 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-17 19:28 - 2013-06-17 19:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-17 19:29 - 2013-06-17 19:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-17 19:28 - 2013-06-17 19:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-17 19:30 - 2013-06-17 19:32 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\kgave_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\kgave_000\AppData\Local\Temp\rscp_setup.exe


Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-28 09:35

==================== End of log ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by kgave_000 at 2015-05-31 06:14:09
Running from C:\Users\kgave_000\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-314854818-391394627-198496169-500 - Administrator - Disabled)
Guest (S-1-5-21-314854818-391394627-198496169-501 - Limited - Disabled)
kgave_000 (S-1-5-21-314854818-391394627-198496169-1002 - Administrator - Enabled) => C:\Users\kgave_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{B25A6EC5-9B58-CD63-B0F2-3DEF57C392D4}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.0.48 - AT&T)
Avast Premier (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
BOINC (HKLM\...\{E36EE9B2-E411-4919-81E3-4C4862A9514D}) (Version: 7.4.42 - Space Sciences Laboratory, U.C. Berkeley)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.1 - Dell Inc.)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell TP713 Gesture Demo (HKLM-x32\...\{FE2E0749-DB22-43F4-8D15-23E70F5C0F80}) (Version: 1.05.0000 - Dell)
Dell TP713 Wireless Touchpad Agent (HKLM-x32\...\{F6EEA7D0-6A7E-4140-A1A5-3956C3D631AB}) (Version: 1.04.0000 - Dell)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.15 - DELL)
Dropbox (HKU\S-1-5-21-314854818-391394627-198496169-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-314854818-391394627-198496169-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kgave_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

28-05-2015 08:13:51 Windows Modules Installer
28-05-2015 11:00:55 Checkpoint by HitmanPro
28-05-2015 11:02:05 Checkpoint by HitmanPro
28-05-2015 11:20:06 zoek.exe restore point
28-05-2015 12:26:00 Installed BOINC.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-28 12:44 - 2015-05-30 03:02 - 00001903 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com

There are 5 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09942021-4EAF-41A9-BC6C-FF187E9397E6} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {1223F7EE-6321-4FEC-A41B-31BEBF10675E} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2753fe2b9be3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {15CE74B8-FF47-4A4F-B7D3-79832AC48BD4} - System32\Tasks\avast! Emergency Update
Task: {15D0EE59-AA08-49E3-B724-796F91739CD2} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f7718835286 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {1BDB0C41-632B-44B0-A21B-3E6703251A4A} - System32\Tasks\GestureDemo64 => C:\Program Files (x86)\Dell\Dell TP713 Gesture Demo\StringResources.exe [2012-09-20] (DELL)
Task: {25CFDE8A-9F8A-41FA-8F6A-C506A10A0243} - System32\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {29F4EBB6-67D4-4852-B76B-DF22B7E167C5} - System32\Tasks\GoogleUpdateTaskMachineCore1cfee1a7dc9e41a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {454E63FD-8EF4-474F-9086-0134BDB31D01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {45AEDE66-E546-473B-BEE3-75AF80AC5294} - System32\Tasks\GoogleUpdateTaskMachineCore1cfffc8d020b8a2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {49B49507-1E09-4A5E-8754-2ED976105726} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
Task: {4D2E3B53-F157-4D3D-B4A8-B4E4ACCD61B5} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8de01f23dc10 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {53BF8C7D-0DC9-493D-9401-89380D2A425C} - System32\Tasks\GoogleUpdateTaskMachineCore1cf48a8d558385e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {5F69FAFE-105E-4E18-A81E-BAD6F9887547} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
Task: {614BB54C-30D9-41C9-AE79-1A3F8BCEF53E} - System32\Tasks\GoogleUpdateTaskMachineCore1cef14dccdd25f1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {6264F84E-BCB3-49E1-8177-0B9F36D95B76} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {66B07912-B752-4DAA-850D-9FB3F60EF292} - System32\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {6C167C45-7ECD-4657-9642-4B549B929226} - System32\Tasks\GoogleUpdateTaskMachineCore1d040b77a9c157 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {75F1FDA8-58B9-4BBE-B128-CC8979501117} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: {7F82FBE9-2A7E-484A-8BB7-A908D1D08813} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6a16c3174275 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {9939540D-5813-4F1D-B26B-21E3191BDE17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2DF32F5-F81A-42B6-89CD-39D24623369B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B8EA5787-2097-402A-9962-894D2938EC92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {D952EFBA-91E7-453C-817A-5C89EB388570} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {F1F1F131-9AD6-45D7-942F-FC3CD40BD3DA} - System32\Tasks\GoogleUpdateTaskMachineCore1d02a39677090ae => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {FB8BDC0D-2242-43ED-B721-816546C3A57D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d099656ed36d72.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0996672bb08f4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-25 20:30 - 2014-11-06 00:09 - 02676736 _____ () C:\windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
2013-06-17 19:45 - 2012-08-01 10:03 - 00073728 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2013-06-17 19:30 - 2012-04-24 16:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-05-30 02:22 - 2015-05-30 02:22 - 00164600 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2014-05-15 03:15 - 2014-05-15 03:15 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-05-30 02:22 - 2015-05-30 02:22 - 00401144 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2013-10-15 13:31 - 2013-10-15 13:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2014-09-17 16:38 - 2014-09-17 16:38 - 01615872 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
2015-05-28 16:00 - 2015-05-28 16:00 - 01980416 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_oet1_vina_7.19_windows_x86_64
2015-05-28 11:18 - 2015-05-28 11:18 - 00843776 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_ugm1_7.28_windows_x86_64
2015-05-28 11:10 - 2015-05-28 11:10 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-28 11:10 - 2015-05-28 11:10 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-30 01:41 - 2015-05-30 01:41 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053000\algo.dll
2015-05-31 02:08 - 2015-05-31 02:08 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053100\algo.dll
2014-11-24 11:22 - 2009-10-23 13:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
2014-10-03 12:56 - 2014-10-03 12:56 - 00271360 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2014-10-03 12:56 - 2014-10-03 12:56 - 00244736 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-04-24 06:55 - 2013-04-24 06:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\libxmljs\build\Release\xmljs.node
2014-10-03 12:56 - 2014-10-03 12:56 - 00237056 _____ () C:\Program Files (x86)\ATT\8.5.0.48\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2015-03-12 03:02 - 2015-03-12 03:02 - 00016384 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\658efb4e1789d48181d0a2758b8f2bab\PSIClient.ni.dll
2013-06-17 19:37 - 2012-08-09 11:51 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-06-17 19:37 - 2012-08-06 08:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-06-17 19:37 - 2012-08-06 08:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-314854818-391394627-198496169-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\kgave_000\Desktop\OLAF and Fmily.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Dell TP713 Wireless Touchpad Agent"
HKLM\...\StartupApproved\Run32: => "GestureDemo"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AmazonGSDownloaderTray"
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-314854818-391394627-198496169-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B565F59-F55B-4789-9278-56E456F6F26C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9B33B4E0-D824-4F7B-893D-38FEFA6914D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAC51254-EA3B-414B-B53B-2063D4E3B69B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2015 03:07:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/31/2015 03:02:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/31/2015 02:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
Exception code: 0xc0000005
Fault offset: 0x0000000000051f20
Faulting process id: 0xddc
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5

Error: (05/30/2015 03:48:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/30/2015 03:02:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/30/2015 02:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
Exception code: 0xc0000005
Fault offset: 0x0000000000051f20
Faulting process id: 0x1f64
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5

Error: (05/30/2015 02:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
Exception code: 0xc0000005
Fault offset: 0x0000000000051f20
Faulting process id: 0x1f64
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5

Error: (05/30/2015 02:27:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
Exception code: 0xc0000005
Fault offset: 0x0000000000051f20
Faulting process id: 0x1f64
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5

Error: (05/30/2015 02:23:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
Exception code: 0xc0000005
Fault offset: 0x0000000000051f20
Faulting process id: 0x1f64
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5

Error: (05/30/2015 02:23:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.0.7.0, time stamp: 0x5559350f
Faulting module name: LSASRV.dll, version: 6.2.9200.17231, time stamp: 0x54b76fb5
Exception code: 0xc0000005
Fault offset: 0x0000000000051f20
Faulting process id: 0x1f64
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5


System errors:
=============
Error: (05/30/2015 07:18:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/30/2015 03:37:03 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.

Error: (05/30/2015 03:01:45 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (05/30/2015 03:01:37 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (05/29/2015 10:28:33 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.

Error: (05/29/2015 10:28:30 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.

Error: (05/29/2015 10:26:55 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (05/29/2015 10:26:50 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (05/29/2015 10:26:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:58:27 PM on ‎5/‎29/‎2015 was unexpected.

Error: (05/29/2015 10:11:35 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.


Microsoft Office:
=========================
Error: (05/31/2015 03:07:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/31/2015 03:02:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/31/2015 02:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f20ddc01d09ac49b7b1245C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll7eced2cf-0773-11e5-bfb9-9c2a7073f7ae

Error: (05/30/2015 03:48:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/30/2015 03:02:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/30/2015 02:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll74da001e-06b0-11e5-bfb8-9c2a7073f7ae

Error: (05/30/2015 02:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll1f951352-06b0-11e5-bfb8-9c2a7073f7ae

Error: (05/30/2015 02:27:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll12f6db1b-06ae-11e5-bfb8-9c2a7073f7ae

Error: (05/30/2015 02:23:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll9587a691-06ad-11e5-bfb8-9c2a7073f7ae

Error: (05/30/2015 02:23:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rsUI.exe1.0.7.05559350fLSASRV.dll6.2.9200.1723154b76fb5c00000050000000000051f201f6401d09ab9fcb53bc8C:\Program Files\Reason\Security\rsUI.exeC:\windows\SYSTEM32\LSASRV.dll843868ac-06ad-11e5-bfb8-9c2a7073f7ae


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770S CPU @ 3.10GHz
Percentage of memory in use: 53%
Total physical RAM: 8062.48 MB
Available physical RAM: 3759.49 MB
Total Pagefile: 9278.48 MB
Available Pagefile: 5169.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1852.77 GB) (Free:1793.5 GB) NTFS
Drive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.28 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.63 GB) (Free:0.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: C73A8C29)

Partition: GPT Partition Type.

==================== End of log ============================
 

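Two sections of the FRST log above are worth reading mechanically rather than by eye: the hosts block (the 0.0.0.0 entries are a blocklist of adware/bundler domains, which is harmless; the dangerous case is a vendor or update domain mapped to a routable address) and the scheduled-task block (the entry FRST marks "No Task File", the entry with no resolved target, the entry whose target is a bare file name with no path, and the many GoogleUpdateTaskMachineCore* registrations that all point at one binary). The script below is an added example written for this thread; it is not FRST's code and not part of any post. The sample lines are copied from the posted log, except the hijack line, which is constructed with a TEST-NET-3 address. It assumes FRST's "=> target [yyyy-mm-dd] (Company)" annotation format as it appears in the log; the bucket names (orphan, unresolved, bare_target, unannotated, duplicates) are this script's own.

```python
"""Triage two sections of a Farbar Recovery Scan Tool (FRST) Addition.txt log:
'Hosts content' and 'Scheduled Tasks (Whitelisted)'.

Added example for this thread; it is not FRST's code and not part of any post.
Sample lines are copied from the log above, plus one CONSTRUCTED hosts line
(HIJACK_SAMPLE) that shows what a real redirection looks like.
"""
import re
from collections import defaultdict

SINKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}

# Copied from the posted log (first lines of the hosts block).
HOSTS_SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 installer.betterinstaller.com
"""
# CONSTRUCTED: a hijack maps a vendor domain to a routable (here TEST-NET-3) address.
HIJACK_SAMPLE = "203.0.113.7 www.malwarebytes.org\n"


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are ignored."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def classify_hosts(text):
    """Split entries into blocklist (sinkhole address) and redirections (routable
    address). Blocklist lines are benign; a line that sends a security vendor's
    domain to a real IP is a hijack and the hosts file must be reset."""
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost" or name == ip:
            continue  # 'localhost' and the '0.0.0.0 0.0.0.0' line are standard
        (blocked if ip in SINKHOLE else redirected).append((ip, name))
    return blocked, redirected


# Copied from the posted log.
TASKS_SAMPLE = r"""
Task: {09942021-4EAF-41A9-BC6C-FF187E9397E6} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {1223F7EE-6321-4FEC-A41B-31BEBF10675E} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2753fe2b9be3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {15CE74B8-FF47-4A4F-B7D3-79832AC48BD4} - System32\Tasks\avast! Emergency Update
Task: {454E63FD-8EF4-474F-9086-0134BDB31D01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {6264F84E-BCB3-49E1-8177-0B9F36D95B76} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {75F1FDA8-58B9-4BBE-B128-CC8979501117} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
"""

TASK_RE = re.compile(r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<rest>.+)$")
# FRST appends " [yyyy-mm-dd] (Company)" to a resolved target. "Program Files (x86)"
# also contains parentheses, so the company group is anchored at end of line.
TARGET_RE = re.compile(r"^(?P<target>.*?)(?: \[(?P<date>\d{4}-\d\d-\d\d)\])?"
                       r"(?: \((?P<company>[^()]*)\))?$")


def parse_task(line):
    """Return a dict for one FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    rec = {"guid": m.group("guid"), "target": None, "company": None, "date": None,
           "orphan": "No Task File" in rest}
    rec["name"] = rest.split(" No Task File", 1)[0]
    if " => " in rest:
        rec["name"], tail = rest.split(" => ", 1)
        t = TARGET_RE.match(tail)
        rec.update(target=t.group("target"), date=t.group("date"), company=t.group("company"))
    return rec


def triage_tasks(text):
    """Bucket tasks the way a cleaner reads them: orphan (registration with no task
    file), unresolved (no target at all), bare_target (no path, so the binary is
    found through PATH at run time), unannotated (FRST printed no [date] (Company)
    tag, so inspect the file by hand) and duplicates (several GUID registrations
    pointing at one binary, e.g. the timestamped GoogleUpdate clones). Legacy
    .job entries are listed by FRST alongside their registration, so they are
    excluded from the last two buckets to avoid false positives."""
    out = defaultdict(list)
    by_target = defaultdict(set)
    for line in text.splitlines():
        rec = parse_task(line)
        if rec is None:
            continue
        if rec["orphan"]:
            out["orphan"].append(rec["name"])
        elif rec["target"] is None:
            out["unresolved"].append(rec["name"])
        else:
            tgt = rec["target"].lower()
            if "\\" not in tgt:
                out["bare_target"].append(rec["name"])
            if rec["guid"] is not None:
                by_target[tgt].add(rec["name"])
                if rec["company"] is None:
                    out["unannotated"].append(rec["name"])
    for tgt, names in by_target.items():
        if len(names) > 1:
            out["duplicates"].append((tgt, sorted(names)))
    return dict(out)


if __name__ == "__main__":
    blocked, redirected = classify_hosts(HOSTS_SAMPLE + HIJACK_SAMPLE)
    print(f"{len(blocked)} blocklist entries, {len(redirected)} redirections: {redirected}")
    for bucket, items in sorted(triage_tasks(TASKS_SAMPLE).items()):
        print(f"{bucket}: {items}")
```

Run it against a full Addition.txt by feeding the two sections to `classify_hosts` and `triage_tasks`; anything in `redirected`, `orphan`, `unresolved` or `bare_target` is what you would look at first, while a long `duplicates` list for one updater binary is usually leftover registrations rather than an infection.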

Malnutrition

Still Hungry
iHF Master Craftsman
#17
Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 


Malnutrition

Still Hungry
iHF Master Craftsman
#18
After you run the fix, please tell us how the machine is running. As well, please include the Zemana and ZHP Cleaner logs in your next reply, copied and pasted please.
 

Malnutrition

Still Hungry
iHF Master Craftsman
#20
Some Suggested Software To Keep You Safe On The Internet.


Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
AdBlock Plus To Browse The Web Ad Free.
Malwarebytes Anti Exploit To Block Zero Day Attacks.
Malwarebytes Startup Lite To Disable Useless Items Starting With Your Computer.
FanBoys Ultimate list. Add The Ultimate List.
ToolWhiz Smart Defrag Defrag Your Machine With Speed.
For Chrome Adguard
For FireFox Adguard


Now let's clean up the tools we used and remove old restore points.


Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users: double-click).
Put a check mark next to the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt