Programs install themselves with my knowledge...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hunters, Apr 22, 2015.

  1. hunters

    hunters Private E-2

    I'm also getting a ton of redirects and pop-ups... Thanks for any and all help you can provide! I've provided my 4 logs. THANK YOU

    My TDS log was 408kb and couldn't be uploaded, so I've copied the text from the log below:
     


    Last edited by a moderator: Apr 22, 2015
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Where is the log from Hitman please? :)
     
  3. hunters

    hunters Private E-2

    Sorry about that, not sure how that happened. It is below as it exceeds the size limit.


    Code:
    HitmanPro 3.7.9.240
    www.hitmanpro.com
    
       Computer name . . . . : FREDT-PC
       Windows . . . . . . . : 6.1.1.7601.X64/2
       User name . . . . . . : FredT-PC\Fred T
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2015-04-22 17:59:21
       Scan mode . . . . . . : EWS
       Scan duration . . . . : 5m 13s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : No connection
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 85
    
       Objects scanned . . . : 1,404,023
       Files scanned . . . . : 50,733
       Remnants scanned  . . : 296,287 files / 1,057,003 keys
    
    Suspicious files ____________________________________________________________
    
       C:\$Recycle.Bin\S-1-5-21-1956736502-3406738524-1949330324-1001\$RZA8ADU.exe
          Size . . . . . . . : 2,099,712 bytes
          Age  . . . . . . . : 1.3 days (2015-04-21 10:48:40)
          Entropy  . . . . . : 7.5
          SHA-256  . . . . . : 7E78DC8EBC5FDD3AFB5AE900C97DD6B12F4E9F3DA0A8129136B1CF6A4B2F4258
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 24.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
              0.0s C:\$Recycle.Bin\S-1-5-21-1956736502-3406738524-1949330324-1001\$RZA8ADU.exe
              2.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EB47A328-76A8-4AEF-BDD6-A44A56381B30}
              4.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B9E91166-325F-4B61-9198-EB3E41C25CF0}
             20.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F7980656-D5F3-4EFF-922F-9D5CAC89ED5F}
             20.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{285556B2-239A-49B3-8D56-8B46239AB20C}
             26.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2258B5DF-87C1-4D56-B86D-0B4B95EFFEC2}
             26.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{41670758-BA13-497C-A0B1-56F161BB844B}
             27.8s C:\Program Files (x86)\predm\
             34.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{ED2907E3-B9DC-41F1-9E42-9C2E7E65397A}
             44.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9A434292-03CD-421C-95D2-7F47E6C2D9E4}
    
       C:\Users\Fred T\AppData\Local\Temp\ICReinstall_nsiC681.tmp
          Size . . . . . . . : 589,198 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 17:55:07)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 2BBE2DC4F18BA931047DE20DF361BF2C1E0076038E9EEE34CC0C2A55AFE7DF5E
          Product  . . . . . :                                                             
          Publisher  . . . . :                                                             
          Description  . . . :                                                             
          Version
          Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4C4C4544-004D-3810-8030-C6C04F543132&civ=0&pac=AS
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 23.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             The file is downloaded from the Internet to this computer.
             The file name extension of this program is not common.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -11.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\88\EBC80613A54D8C60.dat
             -1.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{20E2560B-3377-4568-BA5A-6C1B02266C91}
              0.0s C:\Users\Fred T\AppData\Local\Temp\ICReinstall_nsiC681.tmp
              0.1s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323806_stp.CIS
              0.7s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323806_stp.CIS.part
              0.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\71\D9E8825DF8662403.dat
              1.3s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323806_stp\
              1.3s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323806_stp\gvstb.exe
              5.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\
              5.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\64\E5BE70CCC8CDF0A4.dat
              5.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\48\
              5.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\48\37834307BEB84848.dat
              5.9s C:\$Recycle.Bin\S-1-5-21-1956736502-3406738524-1949330324-1001\$RND67ER.lnk
              7.0s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323982_stp.CIS
              7.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\declineBG[1].png
              7.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\Yes_Button[1].png
              7.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\No_Button[1].png
              7.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\Yes_Button_Hover[1].png
              7.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\No_Button_Hover[1].png
              7.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\Hawonayoh[1].png
              7.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\Nanazejenim[1].png
              7.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\Litalatili[1].png
              7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\Taderonadan_Y2[1].png
              7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\Totavener[1].png
              7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\Naninil[1].png
              7.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\Linilila[1].png
              7.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\Doroledol[1].png
              7.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\CH_logo[1].png
              7.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\IE_logo[1].png
              7.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\Hihavavov1[1].png
              7.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\FF_logo[1].png
              7.9s C:\Users\Fred T\AppData\Local\Temp\is45637729\1324010_stp.CIS
              8.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\Hihavavov2[1].png
              8.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\Hihavavov_BisliLogo[1].png
              8.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\Mapayuy_FS[1].png
              8.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\Mapayuy_FS_XP[1].png
              8.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Pusepupo_bg_new[1].png
              8.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Siromomoy[1].jpg
              8.2s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323982_stp.CIS.part
              8.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\BisliM_logo[1].png
              8.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\bg[1].jpg
              8.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\Nobaxotat_logo[1].png
              8.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\logo[1].png
              8.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\truste[1].png
              8.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\bar7[1].png
              8.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\logo_b[1].png
              8.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\logo39[1].png
              8.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\Sihehihi_31_03_15[1].png
              8.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\logo[2].png
              8.7s C:\Users\Fred T\AppData\Local\Temp\is45637729\1324010_stp.CIS.part
              8.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\Pisiseti_BG1[1].jpg
              8.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\Pisiseti_BG2[1].jpg
              8.9s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323982_stp\
              8.9s C:\Users\Fred T\AppData\Local\Temp\is45637729\1323982_stp\sqlite3.dll
              8.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Pisiseti_BG1_232[1].jpg
              8.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Pisiseti_BG2_232[1].jpg
              9.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\bg1[1].jpg
              9.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\bg2[1].jpg
              9.0s C:\Users\Fred T\AppData\Local\Temp\is45637729\1324010_stp\
              9.0s C:\Users\Fred T\AppData\Local\Temp\is45637729\1324010_stp\RAM.dll
              9.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\Perutepag20_01_2015[1].png
              9.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\install_btn[1].png
              9.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\d2mGetitBtn[1].png
              9.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\d2mGetitBtn_Hover[1].png
              9.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\Fidamidifip[1].png
              9.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\00\7E7FA49CC3E79D54.dat
              9.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\LOGO[3].png
              9.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\NotonoronotLeon2[1].png
              9.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\51\337BE8167B72A4E3.dat
             10.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\79\
             10.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\79\D64CD9919BBCAED7.dat
             10.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\44\
             10.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\44\20703CCC868DFA38.dat
             10.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\03\A639A94B316DC727.dat
    
       C:\Users\Fred T\AppData\Local\Temp\ICReinstall_nsk65AD.tmp
          Size . . . . . . . : 589,198 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 17:00:49)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 2BBE2DC4F18BA931047DE20DF361BF2C1E0076038E9EEE34CC0C2A55AFE7DF5E
          Product  . . . . . :                                                             
          Publisher  . . . . :                                                             
          Description  . . . :                                                             
          Version
          Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4C4C4544-004D-3810-8030-C6C04F543132&civ=0&pac=AS
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 23.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             The file is downloaded from the Internet to this computer.
             The file name extension of this program is not common.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -12.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\52\
             -12.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\52\1C56863C25BED0CC.dat
              0.0s C:\Users\Fred T\AppData\Local\Temp\ICReinstall_nsk65AD.tmp
              0.0s C:\Users\Fred T\AppData\Local\Temp\is45637729\
              0.0s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265063_stp.CIS
              0.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CE57B32D-FFA3-49D3-B253-8C54DA396535}
              0.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\11\5F284C5D14D859A7.dat
              1.5s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265063_stp.CIS.part
              1.8s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265063_stp\
              1.8s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265063_stp\gvstb.exe
              2.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\74\43FCBF9D0E6543FA.dat
              2.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\22\
              2.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\22\C4455E85D6867CC6.dat
              5.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\39\
              5.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\39\614A54E335E06C43.dat
              6.5s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265141_stp.CIS
              7.0s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265178_stp.CIS
              7.7s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265141_stp.CIS.part
              7.7s C:\Users\Fred T\AppData\Local\Temp\is45637729\3265178_stp.CIS.part
              9.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\42\
              9.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\42\879C0B9D87B1AE3E.dat
              9.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\25\F8A8A18FBB9E228D.dat
              9.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\78\183ABECC6CD2EE1A.dat
              9.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\62\
              9.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\62\C64419B31DD32636.dat
             12.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\32\7B47878EDA97F55C.dat
    
       C:\Users\Fred T\AppData\Local\Temp\nsiC681.tmp
          Size . . . . . . . : 589,198 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 17:54:39)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 2BBE2DC4F18BA931047DE20DF361BF2C1E0076038E9EEE34CC0C2A55AFE7DF5E
          Product  . . . . . :                                                             
          Publisher  . . . . :                                                             
          Description  . . . :                                                             
          Version
          Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4C4C4544-004D-3810-8030-C6C04F543132&civ=0&pac=AS
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 23.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             The file is downloaded from the Internet to this computer.
             The file name extension of this program is not common.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
    
       C:\Users\Fred T\AppData\Local\Temp\nsk65AD.tmp
          Size . . . . . . . : 589,198 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 17:00:22)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 2BBE2DC4F18BA931047DE20DF361BF2C1E0076038E9EEE34CC0C2A55AFE7DF5E
          Product  . . . . . :                                                             
          Publisher  . . . . :                                                             
          Description  . . . :                                                             
          Version
          Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4C4C4544-004D-3810-8030-C6C04F543132&civ=0&pac=AS
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 23.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             The file is downloaded from the Internet to this computer.
             The file name extension of this program is not common.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
    
       C:\Users\Fred T\AppData\Local\Temp\nsuA048.tmp
          Size . . . . . . . : 267,226 bytes
          Age  . . . . . . . : 2.1 days (2015-04-20 16:33:18)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : D1999C444E0477895314096571A8C9BD862C01B634E06689798451BAE6F0174D
          Product  . . . . . : Install Generic
          Publisher
          Description  . . . : Generic Setup Component
          Version  . . . . . : 1.0.0.0
          Source URL . . . . : hxxp://livestatscounter.com/countstats/count.php
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 23.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             The file is downloaded from the Internet to this computer.
             The file name extension of this program is not common.
             Authors name is missing in version info. This is not common to most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -15.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{FAED81F8-B6DE-4A3F-9854-F3235830BAE7}
             -15.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3FCC2220-F07D-4CC3-BD72-63AF410B59FE}
             -8.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\82\7A894CF94825D2C2.dat
             -4.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{FCC222E5-2F74-49F9-AA77-F23C67029B8D}
              0.0s C:\Users\Fred T\AppData\Local\Temp\nsuA048.tmp
              0.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\56\7540048BFB9C0370.dat
             16.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9003CE51-E746-414E-ADFD-8D345F2B1395}
             16.9s C:\Users\Fred T\AppData\Local\MYPCSCAN\
             17.0s C:\Users\Fred T\AppData\Local\MYPCSCAN\MYPCSCAN.exe
             17.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\41\9D5B15B4F72A3235.dat
             31.1s C:\Users\Fred T\AppData\Local\Temp\MSI91998.LOG
             31.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4A9D709A-DCF9-432B-AB3A-59E6CEA5C44E}
             31.5s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\378B079587A9184B2E2AB859CB263F40_524AD1B9B08D3C6450727265AE77B7D2
             31.6s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\378B079587A9184B2E2AB859CB263F40_524AD1B9B08D3C6450727265AE77B7D2
             32.0s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EB35376744F392396307460D546222D_2714088C367D47392B8C84A5DAA7E72E
             32.0s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EB35376744F392396307460D546222D_2714088C367D47392B8C84A5DAA7E72E
             34.8s C:\Windows\Installer\SourceHash{100DA694-4BDA-4BE8-A88B-028E71BFA108}
             45.5s C:\Users\Fred T\AppData\Local\Temp\nsv523D.tmp
             46.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{530F6E68-FCE3-4912-A653-0C327F2CE510}
             51.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\56\806E149B7679A0B8.dat
             52.2s C:\Users\Fred T\AppData\Local\Temp\Uninstall.exe
    
       C:\Users\Fred T\AppData\Local\Temp\nswE83F.tmp
          Size . . . . . . . : 267,226 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:04:38)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : D1999C444E0477895314096571A8C9BD862C01B634E06689798451BAE6F0174D
          Product  . . . . . : Install Generic
          Publisher
          Description  . . . : Generic Setup Component
          Version  . . . . . : 1.0.0.0
          Source URL . . . . : hxxp://livestatscounter.com/countstats/count.php
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 23.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             The file is downloaded from the Internet to this computer.
             The file name extension of this program is not common.
             Authors name is missing in version info. This is not common to most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -10.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\stats[1].htm
             -10.0s C:\Users\Fred T\AppData\Local\Temp\nswC156.tmp
             -4.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\dl[1].htm
              0.0s C:\Users\Fred T\AppData\Local\Temp\nswE83F.tmp
              0.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\check[1].exe
              0.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\22\CC4EEDA64D57CCAE.dat
              1.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26AD9EA5-A291-4F4C-A477-D16B07D62BB7}
              6.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011a
              6.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011b
              6.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011c
              6.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011d
              6.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011e
              6.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011f
              6.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000120
              6.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000121
              6.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000122
              6.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000123
              6.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000124
              6.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000125
              6.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000126
              6.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000127
              6.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000128
              6.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000129
              6.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012a
              6.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012b
              6.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012c
              7.2s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012d
              7.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\static-cdn1.ustream.tv\flash.viewer.sol
              8.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\macromedia.com\support\flashplayer\sys\settings.sol
              8.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012e
              8.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012f
              8.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000130
              8.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000131
             11.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000132
             11.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000133
             12.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000134
             12.3s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000135
             12.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000136
             12.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\macromedia.com\support\flashplayer\sys\#s.ytimg.com\
             12.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol
             12.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\s.ytimg.com\
             13.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000137
             17.0s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\
             17.0s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\System.dll
             17.2s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\WmiInspector.dll
             17.4s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\inetc.dll
             18.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\46\CA0E53C9C7AEEBB2.dat
             19.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\Validate[1].exe
             19.3s C:\Users\Fred T\AppData\Local\Temp\nsh33C2.tmp
             19.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{41648331-496E-4DB3-A737-CEF584438061}
             20.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\install_VO[1].htm
             21.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\cmmdWriter[1].exe
             26.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\setup_gmsd_us[1].exe
             29.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000138
             38.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{027D4CEF-DCB1-4A0D-BBF3-F71798B2E5E3}
             38.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7FA09FE5-120C-4C5A-84C6-EE26D48EB65E}
             42.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\88\6F5C30910C69E038.dat
             44.2s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000139
             44.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013a
             48.0s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013b
             48.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013c
             63.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\infonaut-setup-1.10.0.14[1].exe
             64.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{58AAD675-CC65-49B9-903F-FE5DF516F5C3}
             64.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D6ED0B2A-94D1-48A3-8FF5-7FFED2EA06FB}
             66.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\22\D0291656CB7671BA.dat
             69.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{19C2D71E-A391-4A5A-94BC-16C2CCE21692}
             74.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\60\DEF3627EE754C220.dat
             76.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A34B45DD28A5DAEFDA3E0BA2FCE7DE24_1B475BE9523E51B446A2D36DD694BAEE
             76.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A34B45DD28A5DAEFDA3E0BA2FCE7DE24_1B475BE9523E51B446A2D36DD694BAEE
             77.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E2E87F5C5E119958.dat
             80.3s C:\Windows\Temp\SSL\
             80.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2997410D-D5A8-4976-987D-EFD3869427F3}
             80.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\SmartWebInstaller[1].exe
             88.8s C:\Users\Fred T\AppData\Local\SmartWeb\
             89.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\A081E7F8FD8CCED0.dat
             91.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B9C81D15-E8C5-419B-921E-54E9E398DDB2}
             93.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5F88FD83-84E8-4CE5-9AD3-F2060051A86D}
             94.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\95\B7AAA9D685C34BFB.dat
             95.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\69\DD22A8152D19A8C5.dat
             95.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\Setup[1].exe
             95.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F4CA92B2-8625-4649-A315-304007B7117A}
             99.0s C:\ProgramData\f1f79be1b22d4745a00de8e75c24f32b\
             99.1s C:\ProgramData\f1f79be1b22d4745a00de8e75c24f32b\9fb22ce36a094764a7909432b6d7570a
             99.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{627F2E20-EE99-45E3-87D7-EF9C0A370F7B}
             99.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\23\001B6585DA9EAAAB.dat
             102.1s C:\ProgramData\6cfc113f2ace4beb9e169e92d8095b1a\
             102.2s C:\ProgramData\6cfc113f2ace4beb9e169e92d8095b1a\6cfc113f2ace4beb9e169e92d8095b1a.exe
             105.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{FCC7CA29-5C84-4281-854E-3559DDC1D94C}
             107.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AFAE87BF-961F-4284-BD8B-1EEB7AC97FB7}
             108.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EC821F95-4C6D-417B-875E-C9A7A97E98BA}
             118.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3831A3C1-18E1-49A1-BED5-DD9599E80583}
             141.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\47\9327C9AD6D219317.dat
    
       C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\jnsl3E.tmp
          Size . . . . . . . : 201,216 bytes
          Age  . . . . . . . : 2.1 days (2015-04-20 16:35:59)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : FEEAAE9FE69C4212E0B514ADE9F425E803A8FAEFAF13FCA8485A379CF121D6CB
          Service  . . . . . : nijyxibi
          Fuzzy  . . . . . . : 34.0
             The file name extension of this program is not common.
             Starts automatically as a service during system bootup.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\nijyxibi\
          Forensic Cluster
             -66.7s C:\Users\Fred T\AppData\Local\Temp\nsfF0F.tmp\
             -66.7s C:\Users\Fred T\AppData\Local\Temp\nsfF0F.tmp\inetc.dll
             -66.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2B636E73-273F-4803-8B48-C0D682D2724D}
             -66.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DD3445A8-96A3-4B30-90FB-5F74FAF987E2}
             -65.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\74\C6C2442840E290FA.dat
             -65.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\02\213B7D1783AAC5FE.dat
             -65.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\02\
             -38.9s C:\Users\Fred T\AppData\Local\Temp\heu39T.nss
             -38.2s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\
             -36.0s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\vnsa871E.tmp
             -35.7s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\Uninstall.exe
             -25.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E3B1FD94-FBA7-4586-9BD0-ECCE39723E96}
             -24.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{51217A2C-BB30-4759-B1E3-541C31973762}
             -23.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\55\DC09574FD62AF743.dat
             -16.3s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\nsqC0A9.tmpfs
             -8.3s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\rnsgF34F.exe
             -8.2s C:\Users\Fred T\AppData\Local\Temp\aff.conf
             -8.2s C:\Users\Fred T\AppData\Local\Temp\stuff1.txt
             -8.2s C:\Users\Fred T\AppData\Local\Temp\stuff2.txt
             -8.2s C:\Users\Fred T\AppData\Local\Temp\stuff3.txt
             -8.0s C:\Users\Fred T\AppData\Local\Temp\stuff4.txt
             -6.8s C:\Users\Fred T\AppData\Local\Temp\stuff5.txt
             -6.6s C:\Users\Fred T\AppData\Local\Temp\log.txt
             -6.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2F99CC09-1209-4251-9A76-677F60EBED15}
             -4.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{05489F61-8A02-4A3E-9CB8-234330562218}
             -4.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\07\EA464F475E22AFD7.dat
             -4.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\05\C2FDCBEF9254107D.dat
             -3.3s C:\Users\Fred T\AppData\Local\Temp\nsl6FB.tmp
             -1.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{43442608-F977-4B92-A8F3-5F16E471F04F}
              0.0s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\jnsl3E.tmp
              5.0s C:\Users\Fred T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              5.1s C:\Users\Fred T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
              6.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{74051C6E-179C-4569-AD96-F59076BC5EDF}
             12.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7B9C76B5-9943-48C3-A907-49D721E9A156}
             14.4s C:\Users\Fred T\AppData\Local\Temp\nsq4BF8.tmp
             17.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E280FA65-7619-4451-8359-F9502A31472F}
             24.4s C:\Support\ui.exe
             34.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{139DA901-C6B6-47E5-BD6D-4A73F6B1D9F8}
             34.6s C:\Support\schook.dll
             34.9s C:\Support\old_rss_debug.dat
             36.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{27F87DBD-4B38-4F85-A8C6-AC7D98FFACDC}
             36.8s C:\Windows\System32\Tasks\LaunchPreSignup
             40.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{28755890-C1B2-438E-9D43-C3735ED8D6D9}
             42.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AA486C49-C998-49E5-A0A0-4642413AAAEF}
             51.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BCF9D10-129A-4B99-898E-A859B208EF7E}
             53.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\42\F196CE0EFD4B1912.dat
             53.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\21\543A2F77A3DE6DF9.dat
             55.8s C:\Users\Fred T\AppData\Local\Temp\EDC8.tmp
             57.3s C:\Users\Fred T\AppData\Local\Temp\F3C1.tmp
             59.8s C:\Windows\Temp\FXSTIFFDebugLogFile.txt
             59.9s C:\Windows\Temp\FXSAPIDebugLogFile.txt
             60.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{898DD262-B20A-4044-9D3E-82C65A4A08C0}
             60.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F43D1EB6-580B-4B63-8693-C5AA13000F4C}
    
       C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\nsqC0A9.tmpfs
          Size . . . . . . . : 123,392 bytes
          Age  . . . . . . . : 2.1 days (2015-04-20 16:35:43)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 0EFFAD15E721A7904E358E8544130246A65D022D7AAE027EB98B2D3C0F134967
          Service  . . . . . : wojomesi
          Fuzzy  . . . . . . : 34.0
             The file name extension of this program is not common.
             Starts automatically as a service during system bootup.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\wojomesi\
          Forensic Cluster
             -50.5s C:\Users\Fred T\AppData\Local\Temp\nsfF0F.tmp\
             -50.5s C:\Users\Fred T\AppData\Local\Temp\nsfF0F.tmp\inetc.dll
             -50.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2B636E73-273F-4803-8B48-C0D682D2724D}
             -50.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DD3445A8-96A3-4B30-90FB-5F74FAF987E2}
             -49.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\74\C6C2442840E290FA.dat
             -49.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\02\213B7D1783AAC5FE.dat
             -49.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\02\
             -22.7s C:\Users\Fred T\AppData\Local\Temp\heu39T.nss
             -21.9s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\
             -19.8s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\vnsa871E.tmp
             -19.4s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\Uninstall.exe
             -9.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E3B1FD94-FBA7-4586-9BD0-ECCE39723E96}
             -8.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{51217A2C-BB30-4759-B1E3-541C31973762}
             -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\55\DC09574FD62AF743.dat
              0.0s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\nsqC0A9.tmpfs
              7.9s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\rnsgF34F.exe
              8.0s C:\Users\Fred T\AppData\Local\Temp\aff.conf
              8.1s C:\Users\Fred T\AppData\Local\Temp\stuff1.txt
              8.1s C:\Users\Fred T\AppData\Local\Temp\stuff2.txt
              8.1s C:\Users\Fred T\AppData\Local\Temp\stuff3.txt
              8.3s C:\Users\Fred T\AppData\Local\Temp\stuff4.txt
              9.4s C:\Users\Fred T\AppData\Local\Temp\stuff5.txt
              9.7s C:\Users\Fred T\AppData\Local\Temp\log.txt
              9.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2F99CC09-1209-4251-9A76-677F60EBED15}
             11.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{05489F61-8A02-4A3E-9CB8-234330562218}
             11.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\07\EA464F475E22AFD7.dat
             11.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\05\C2FDCBEF9254107D.dat
             13.0s C:\Users\Fred T\AppData\Local\Temp\nsl6FB.tmp
             15.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{43442608-F977-4B92-A8F3-5F16E471F04F}
             16.3s C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\jnsl3E.tmp
             21.3s C:\Users\Fred T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
             21.3s C:\Users\Fred T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
             23.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{74051C6E-179C-4569-AD96-F59076BC5EDF}
             29.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7B9C76B5-9943-48C3-A907-49D721E9A156}
             30.6s C:\Users\Fred T\AppData\Local\Temp\nsq4BF8.tmp
             34.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E280FA65-7619-4451-8359-F9502A31472F}
             40.6s C:\Support\ui.exe
             50.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{139DA901-C6B6-47E5-BD6D-4A73F6B1D9F8}
             50.9s C:\Support\schook.dll
             51.1s C:\Support\old_rss_debug.dat
             52.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{27F87DBD-4B38-4F85-A8C6-AC7D98FFACDC}
             53.0s C:\Windows\System32\Tasks\LaunchPreSignup
             57.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{28755890-C1B2-438E-9D43-C3735ED8D6D9}
             58.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AA486C49-C998-49E5-A0A0-4642413AAAEF}
             67.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BCF9D10-129A-4B99-898E-A859B208EF7E}
             69.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\42\F196CE0EFD4B1912.dat
             70.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\21\543A2F77A3DE6DF9.dat
             72.1s C:\Users\Fred T\AppData\Local\Temp\EDC8.tmp
             73.6s C:\Users\Fred T\AppData\Local\Temp\F3C1.tmp
             76.0s C:\Windows\Temp\FXSTIFFDebugLogFile.txt
             76.2s C:\Windows\Temp\FXSAPIDebugLogFile.txt
             76.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{898DD262-B20A-4044-9D3E-82C65A4A08C0}
             76.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F43D1EB6-580B-4B63-8693-C5AA13000F4C}
    
    
    Early Warning Scoring _______________________________________________________
    
       C:\ProgramData\4c56173f45364d3f9e8c55c1ac72f08f\4c56173f45364d3f9e8c55c1ac72f08f.exe
          Size . . . . . . . : 347,136 bytes
          Age  . . . . . . . : 2.8 days (2015-04-19 22:32:11)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 3FDA9942DDB41E5EF966F6E20AF1B8A62BE2F1A733E29C588EF65509AB4FDB4D
          Product  . . . . . : 4c56173f45364d3f9e8c55c1ac72f08f
          Publisher
          Description  . . . : 4c56173f45364d3f9e8c55c1ac72f08f
          Version  . . . . . : 1.0.0.109
          Copyright  . . . . : Copyright (C) 2014
          Gossip . . . . . . : 56173f45364d3f9e8c55c1ac72f08f
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 10.0
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             Authors name is missing in version info. This is not common to most programs.
          Startup
             C:\Windows\system32\Tasks\AHQFQOPD
          Forensic Cluster
             -166.6s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\
             -166.6s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\089f47fdff1d4ca5b412325fe48fa72b1059\
             -166.6s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\089f47fdff1d4ca5b412325fe48fa72b1059\winman.exe
             -165.2s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\32af0a2c11f94a2ea1adc858f147b4821082\
             -165.2s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\32af0a2c11f94a2ea1adc858f147b4821082\winsrvinst.exe
             -164.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\36\19FF258505370FB0.dat
             -163.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\523aa5da768e41b8be8835bab89db3281103\
             -163.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\523aa5da768e41b8be8835bab89db3281103\trustedwinman.exe
             -163.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0DB56E1C-3D8B-4D1D-85B7-E8B2ED697EE4}
             -163.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5E1A28EA-E67A-4B09-9B4F-D757FDAC428A}
             -162.3s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\ceaaf590ce0e4fc3b76e8ef86e8284fe1119\
             -162.3s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\ceaaf590ce0e4fc3b76e8ef86e8284fe1119\wsrv.exe
             -161.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B1999BFF-BDAA-4F1C-9945-B533B657ACD2}
             -161.1s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\eb821704222049e3b3af704f68cf6ba91130\
             -161.1s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\eb821704222049e3b3af704f68cf6ba91130\wsint.exe
             -159.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\20731c4626184ff58357589422a9d0df1157\
             -159.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\20731c4626184ff58357589422a9d0df1157\winman.exe
             -158.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4E4EA61D-B94E-45EA-B69D-390122ADB1AD}
             -158.6s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12B9DB160AD5C40A43865B2B20626F11_98A023BC83A06CBAE1520AD82A260CAB
             -158.6s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12B9DB160AD5C40A43865B2B20626F11_98A023BC83A06CBAE1520AD82A260CAB
             -158.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\35\5FBD134399F64B33.dat
             -158.5s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\445e78ae84994f7b80743939f69036081170\
             -158.5s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\445e78ae84994f7b80743939f69036081170\winsrvinst.exe
             -157.2s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\7c26447c60e1466fbbb31a447995058b1181\
             -157.2s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\7c26447c60e1466fbbb31a447995058b1181\trustedwinman.exe
             -156.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{23868F84-3380-4C43-B2A2-78053C5005A5}
             -156.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2B17AB22-F9B9-4180-A7D7-19D858D54FF3}
             -155.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\2ac45627ea634ad0aba16238d5b397221185\
             -155.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\2ac45627ea634ad0aba16238d5b397221185\wsrv.exe
             -155.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F8518B3D-2323-4F56-AFDA-C724DE4DEBD8}
             -155.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{65DF36DB-5604-4D82-AA93-7D231206B936}
             -154.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{678791A0-5ED4-40C3-8580-E01A565A56C1}
             -154.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{459DE77E-C65A-4517-91FF-4B9B58A138A7}
             -154.4s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\e57d1b529f2043e99de6f7169c7e90a51186\
             -154.4s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\e57d1b529f2043e99de6f7169c7e90a51186\wsint.exe
             -154.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\59\4D55E18CAAEDA2A3.dat
             -153.4s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_52ED19A9955293A8BAEB2095162FA825
             -153.3s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_52ED19A9955293A8BAEB2095162FA825
             -153.1s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\b716f93ab36a48eb9c011bda5dfaf58f1205\winman.exe
             -153.1s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\b716f93ab36a48eb9c011bda5dfaf58f1205\
             -152.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7B931E51-4DC4-4EDF-AEDE-CCCFC25D3072}
             -152.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BF9F2EFE-7ADF-4D72-9A01-CE86B215F8F7}
             -151.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\e60c2841eb094fe6b239896ac0851fc11215\
             -151.8s C:\Users\Fred T\AppData\Local\Temp\e638a8e18b1e47e58c8bbc0dae7b4034\e60c2841eb094fe6b239896ac0851fc11215\winsrvinst.exe
             -150.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\
             -150.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\0D4C2A13F045640C.dat
             -149.2s C:\Users\Fred T\Documents\Java\
             -149.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{18A7F03A-4F89-4B46-9A27-B7AE4333A113}
             -147.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{36AEB98C-7817-4A1B-9BC5-8D13AECA1CDC}
             -147.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6BB7B297-FC75-44E9-90FE-130AC4253DC2}
             -147.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F2104658-2CF4-4E11-AE81-D151BD5C89ED}
             -147.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D9552E9F-5101-48BF-B7B5-50AC27F33D25}
             -142.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C35AC6C1-A6F0-4A5B-A076-50163F7D77C4}
             -141.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\19\101402677802790F.dat
             -139.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0E0AD1D9-59D5-4259-BC3A-7DEE20C61B22}
             -126.9s C:\Users\Fred T\Documents\Java\jre-8u25-windows-i586.exe
             -121.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B03F5A87-22EF-4764-BA4F-E5BDFB19630E}
             -113.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\16\3FBF36CADBF14124.dat
             -111.5s C:\Users\Fred T\AppData\LocalLow\Sun\Java\jre1.8.0_25\jre1.8.0_25.msi
             -111.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\58\
             -111.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\58\DA452D8F0B63FBCA.dat
             -109.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\34\E3F5AF0CBE98275E.dat
             -108.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\29\6EA7E039E001A4D9.dat
             -97.6s C:\Users\Fred T\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\
             -97.5s C:\Users\Fred T\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json
             -97.5s C:\Users\Fred T\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js
             -97.5s C:\Users\Fred T\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\
             -97.5s C:\Users\Fred T\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json
             -97.5s C:\Users\Fred T\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js
             -97.5s C:\Users\Fred T\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js
             -96.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6704230B-C879-475B-9F93-17F86EC93A4A}
             -96.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{80F2C741-33FB-4837-838D-8B535B464255}
             -96.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{933404DB-5886-4A8D-86C1-752714D99127}
             -95.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8DFFEEA-7BE5-4F61-A98B-D1DD37FD9A36}
             -84.1s C:\Users\Fred T\AppData\Local\Temp\MSIbee46.LOG
             -79.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\01\797170529439B809.dat
             -78.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\82\1E9C0E4AA96E059A.dat
             -78.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\43\963285C07222BA8B.dat
             -78.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\14\DFF7E49FA139B6F2.dat
             -78.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\92\BC21DD32AD70C7EC.dat
             -78.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\27\690995E3812C12AB.dat
             -78.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\37\D015F02F0AB5930D.dat
             -78.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\90\347F88C166B23586.dat
             -78.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\07\539B1F91D51CAA7F.dat
             -78.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\58\34463808290900A2.dat
             -76.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\30\
             -76.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\30\79FEBAD6168AAC12.dat
             -74.8s C:\Users\Fred T\AppData\Local\Temp\FLASHB\
             -74.7s C:\Users\Fred T\AppData\Local\Temp\FLASHB\setup.exe
             -74.4s C:\Users\Fred T\AppData\Local\Temp\IdleCrawlerIn\
             -74.0s C:\Users\Fred T\AppData\Local\Temp\IdleCrawlerIn\setup.exe
             -73.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\08\DCFFFD072390C070.dat
             -73.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\68\2382C06A7733D4F8.dat
             -73.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1D98B1D5-7C04-43B4-B836-9BAE04400D63}
             -73.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\40\A2A924BB02E6B56C.dat
             -71.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\77\FFC73802D1C95A55.dat
             -71.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\49\EF62369C70128B35.dat
             -70.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\23\46118165E5ED54FB.dat
             -68.6s C:\Users\Fred T\AppData\Local\Temp\MSIc2a9a.LOG
             -68.3s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
             -68.2s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
             -66.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\14\D6FDB5480E244686.dat
             -66.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\72\
             -65.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\72\710911A7B4223FF4.dat
             -65.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\90\
             -65.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\90\C1D8201CDBD532FE.dat
             -65.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\05\
             -64.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\05\57C6BF5936EF33C9.dat
             -63.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E4E510F44A56B8C8ECFEC352907C373_FEE36A1E50B132B0C656C60465195A4E
             -63.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E4E510F44A56B8C8ECFEC352907C373_FEE36A1E50B132B0C656C60465195A4E
             -63.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\35\0487E8E752209893.dat
             -62.7s C:\ProgramData\16dec4b29177435ca7721245d7c1d6bb\
             -62.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\29\
             -62.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\29\E48F0234B105A3E5.dat
             -62.6s C:\ProgramData\16dec4b29177435ca7721245d7c1d6bb\bde9ed6933e5478fbe1cdddc8abdb15b
             -62.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\72\8F62A19978F54634.dat
             -62.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\51\
             -62.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\51\3BAD18931E18F13F.dat
             -61.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\99\9BA613487EBFDA43.dat
             -59.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\30\698010EA85211A1E.dat
             -59.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\30\4838D62ECD024E02.dat
             -58.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\72\710911A7B4223FF4.dat
             -57.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\10\
             -57.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\10\EC58296C2404188A.dat
             -56.2s C:\Users\Fred T\AppData\Local\Temp\8463.exe
             -53.4s C:\ProgramData\{7281bd0e-a3a8-149b-7281-1bd0ea3af43a}\
             -53.4s C:\ProgramData\{7281bd0e-a3a8-149b-7281-1bd0ea3af43a}\hqghumeaylnlf.exe
             -53.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\91\A1EB3B47764B4427.dat
             -53.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\18\2880833072C2C2AE.dat
             -52.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\04\30503BAAF47CF694.dat
             -52.5s C:\Windows\Temp\TMP0000001E01571E7077E94056
             -48.9s C:\ProgramData\{7281bd0e-a3a8-149b-7281-1bd0ea3af43a}\hqghumeaylnlf.dat
             -43.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\75\826D3B32EAFCD283.dat
             -37.8s C:\Users\Fred T\AppData\Local\Temp\supoptsetup.exe
             -10.0s C:\Program Files (x86)\Super Optimizer\
             -1.8s C:\Users\Fred T\AppData\Local\globalUpdate\
             -1.7s C:\Users\Fred T\AppData\Local\globalUpdate\CrashReports\
             -1.7s C:\Program Files (x86)\globalUpdate\CrashReports\
             -1.7s C:\Program Files (x86)\globalUpdate\
             -1.6s C:\Program Files (x86)\94368114-757b-41a7-80d5-c55e9bd70e44\
             -0.8s C:\Users\Fred T\AppData\Local\Temp\chrome_installer.log
             -0.4s C:\ProgramData\4c56173f45364d3f9e8c55c1ac72f08f\
             -0.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{59216A1B-3FB1-4408-9F96-1478083DB5BE}
              0.0s C:\ProgramData\4c56173f45364d3f9e8c55c1ac72f08f\4c56173f45364d3f9e8c55c1ac72f08f.exe
              1.1s C:\Users\Fred T\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
              1.2s C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe
             24.2s C:\Users\Fred T\AppData\Local\Temp\RgsOEM.ini.log
             29.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\37\58B14D6748F7D2D5.dat
             33.9s C:\Program Files (x86)\94368114-757b-41a7-80d5-c55e9bd70e44\6c1cb776-b0d7-4f8a-91c6-6aa6e53745e2.dll
             35.1s C:\Program Files (x86)\AOL\94368114-757b-41a7-80d5-c55e9bd70e44.dll
             39.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\94\734647B46697470E.dat
             39.3s C:\Users\Fred T\AppData\Local\Temp\GeekBuddy\
             39.9s C:\Users\Fred T\AppData\Local\Temp\GeekBuddy\lps-gb-vt-x64_3756227.msi
             44.6s C:\Windows\System32\Tasks\IE_ERR4WDR
             48.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\81\BF9876C96D292F4D.dat
             54.1s C:\Windows\System32\Tasks\UPDTEXE4_WDR
             58.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\85\
             58.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\85\B68D91917F2BF561.dat
             58.8s C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{AC55A77A-32B7-7F63-B483-629D641DD932}
             58.8s C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{55ACAF89-3341-0688-256F-2725E37ECF12}-Gambali.exe
             60.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\85\B68D91917F2BF561.dat
             64.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\67\4CAA0AABC9C6726B.dat
             65.9s C:\Windows\System32\Tasks\HDNINSTSCHD
             67.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D594DD1E-CF17-4076-BC9A-00465747C736}
             76.5s C:\Windows\System32\Tasks\AHQFQOPD
             80.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\48\11D31D0E1CEA7080.dat
             85.4s C:\ProgramData\COMODO\
             85.5s C:\ProgramData\COMODO\lps4\
             87.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\20\E79A9138052D9528.dat
             90.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\04\F3D8B7DE9A486008.dat
             102.6s C:\Windows\Tasks\7YPFtWs7AQwWIHiTr3r.job
             102.7s C:\Windows\System32\Tasks\7YPFtWs7AQwWIHiTr3r
             106.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{79AA606B-1124-4D9A-8DCE-BFDCAF606ED8}
             106.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C2F17766-3276-4E67-A7F0-362389848117}
             108.1s C:\Users\Fred T\AppData\Roaming\7YPFtWs7AQwWIHiTr3r
             111.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\60\D4F962025334B954.dat
             113.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\42\47873DDD29C4161E.dat
             114.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B454F2FB-C5F3-4105-8BA7-F114D6440F09}
             115.3s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\
             115.3s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
             120.9s C:\Program Files (x86)\1607652d-b6dc-4ead-aaa5-985e7f0a235d\
             128.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
             128.6s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3BB9C1BA2D19E090AE305B2683903A0_7EBD0A45B23A8A5A4C4407444411DA5F
             128.6s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3BB9C1BA2D19E090AE305B2683903A0_7EBD0A45B23A8A5A4C4407444411DA5F
             128.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx
             129.6s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Authentication User Interface%4Operational.evtx
             133.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Folder Redirection%4Operational.evtx
             135.3s C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx
             135.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Listener Service%4Operational.evtx
             139.5s C:\Program Files (x86)\1607652d-b6dc-4ead-aaa5-985e7f0a235d\a9a3ddc1-5946-4e4f-84d1-7401518d28dd.dll
             139.5s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_D4EE428E94B7A16FC5D103E2DB97B7B1
             139.5s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_D4EE428E94B7A16FC5D103E2DB97B7B1
             139.8s C:\Program Files (x86)\Adobe\1607652d-b6dc-4ead-aaa5-985e7f0a235d.dll
             155.1s C:\Users\Fred T\AppData\Local\Temp\MSIf9473.LOG
             182.9s C:\Users\Fred T\AppData\Local\Temp\etilqs_jiLMmaCgFS8tcFy
             185.9s C:\Users\Fred T\AppData\Local\Temp\{05C5226D-9348-437B-A370-D32E0A0B0D5D}\
             187.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_chrome.exe_a3ae373036ed1a3347b3c22f57ca772ff0b460_00cc1382\
             187.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_chrome.exe_a3ae373036ed1a3347b3c22f57ca772ff0b460_00cc1382\Report.wer
             190.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{94780EA0-2FD5-4DC1-BB60-CBB0D8D6DA69}
             201.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\27\C1C087F9F7ED2C73.dat
             217.5s C:\Users\Fred T\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\e69ee02a1ccdba10.customDestinations-ms
             229.1s C:\Users\Fred T\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ba516a1ac7e33bcb.customDestinations-ms
             240.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\34DA60AA966CD9270C5362E6AEF824CF
             240.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\34DA60AA966CD9270C5362E6AEF824CF
             241.0s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928
             241.0s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928
             241.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\86\F9A4532D4EABB226.dat
             256.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7049783B-EFA3-43AC-B822-52C03F5A1B94}
             256.7s C:\Users\Fred T\AppData\Local\Temp\is-U4R0R.tmp\_isetup\
             256.7s C:\Users\Fred T\AppData\Local\Temp\is-U4R0R.tmp\
             256.8s C:\Users\Fred T\AppData\Local\Temp\is-U4R0R.tmp\_isetup\_setup64.tmp
             256.8s C:\Users\Fred T\AppData\Local\Temp\is-U4R0R.tmp\_isetup\_shfoldr.dll
             257.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B83CF3C0-C11B-4FB4-8FA9-6A8C9ACDCA75}
             257.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\96\
             258.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\96\F1AD09EDB3CFA528.dat
             258.5s C:\Users\Fred T\AppData\Local\Temp\is-U4R0R.tmp\gentlemjmp_ieeuu.exe
             262.7s C:\Users\Fred T\AppData\Local\Temp\is-U4R0R.tmp\cmd.bat
             262.8s C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\430df4230dc13bcd3dbc10c25e9b8cbf79009d87.HomeGroupClassifier\72f32e837d5625a4003271ceabe40f60\grouping\edb.log
             265.5s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\
             265.6s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\_isetup\
             265.6s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\_isetup\_setup64.tmp
             265.6s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\_isetup\_shfoldr.dll
             265.6s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\isskin.dll
             265.8s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\itdownload.dll
             266.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B60FA98E-A3FA-45E8-84A7-DCA4E6DC5C05}
             266.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F76A19CB-E137-413C-A8B1-D5E99BD8A988}
             266.5s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\innocallback.dll
             267.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\17\4993D475135A30B5.dat
             268.2s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\itd_en.ini
             271.2s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\myxmlconffile.xml
             271.8s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\380.exe
             273.1s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_0.bin
             277.9s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\150.exe
             279.2s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\289.exe
             280.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_2.bin
             280.7s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_zombie_installer_multilang.exe
             281.8s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_3.bin
             283.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_SByoutube_installer_multilang.exe
             284.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_4.bin
             286.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_5.bin
             286.9s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_airwebbar_installer_multilang.exe
             287.9s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_6.bin
             288.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_1_6.bin
             289.1s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe
             290.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_quickref_p_installer_multilang.exe
             293.1s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_quickref_installer_multilang.exe
             294.7s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_secureprotect_installer_multilang.exe
             295.7s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_11.bin
             296.5s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_optimizerpro_installer_multilang.exe
             297.3s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_12.bin
             299.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_13.bin
             301.9s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_superpct_installer_multilang.exe
             303.3s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_15.bin
             304.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_1_15.bin
             304.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_2_15.bin
             305.5s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_superpc_installer_multilang.exe
             306.6s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_16.bin
             307.1s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_1_16.bin
             307.8s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_2_16.bin
             309.9s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_17.bin
             311.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_pcrossbrowser_installer_multilang.exe
             312.3s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_18.bin
             312.7s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_1_18.bin
             313.1s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_2_18.bin
             314.5s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_19.bin
             315.6s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\11.exe
             316.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_20.bin
             318.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_21.bin
             319.8s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_CubepileShopperz_installer_multilang.exe
             322.5s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_23.bin
             323.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_bubbledock_installer_multilang.exe
             324.8s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_24.bin
             328.9s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_26.bin
             331.3s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_27.bin
             332.5s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_browsergood_installer_multilang.exe
             333.6s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_psafeguard_installer_multilang.exe
             336.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_30.bin
             338.2s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_31.bin
             339.3s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_mountainbike_installer_multilang.exe
             340.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DDB2983D-7F4D-4618-BF3D-DC113C719B45}
             347.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_AmNuvision_installer_multilang.exe
             348.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_36.bin
             352.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\382.exe
             353.3s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_39.bin
             354.0s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_sb_driverupdater_installer_multilang.exe
             355.2s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_40.bin
             356.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_speeditup_installer_multilang.exe
             357.4s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_41.bin
             359.8s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_42.bin
             361.3s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_43.bin
             362.2s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\package_BubbleSound_installer_multilang.exe
             363.2s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_0_44.bin
             363.9s C:\Users\Fred T\AppData\Local\Temp\is-PMHPB.tmp\res_1_44.bin
             365.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\94\6451FCCE89A58C9E.dat
             367.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B6316638-868B-44C6-9719-57325FCA7791}
    
       C:\ProgramData\6cfc113f2ace4beb9e169e92d8095b1a\6cfc113f2ace4beb9e169e92d8095b1a.exe
          Size . . . . . . . : 347,136 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:06:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : C325E89C889E39EB00D7E053D1F5DCF547D8BBCD2FFC138CB28CB52558B1E0C9
          Product  . . . . . : 6cfc113f2ace4beb9e169e92d8095b1a
          Publisher
          Description  . . . : 6cfc113f2ace4beb9e169e92d8095b1a
          Version  . . . . . : 1.0.0.109
          Copyright  . . . . : Copyright (C) 2014
          Gossip . . . . . . : fc113f2ace4beb9e169e92d8095b1a
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 10.0
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             Authors name is missing in version info. This is not common to most programs.
          Startup
             C:\Windows\system32\Tasks\WRGSRGEXO
          Forensic Cluster
             -112.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\stats[1].htm
             -112.2s C:\Users\Fred T\AppData\Local\Temp\nswC156.tmp
             -106.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\dl[1].htm
             -102.2s C:\Users\Fred T\AppData\Local\Temp\nswE83F.tmp
             -101.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\check[1].exe
             -101.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\22\CC4EEDA64D57CCAE.dat
             -100.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26AD9EA5-A291-4F4C-A477-D16B07D62BB7}
             -96.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011a
             -95.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011b
             -95.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011c
             -95.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011d
             -95.8s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011e
             -95.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011f
             -95.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000120
             -95.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000121
             -95.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000122
             -95.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000123
             -95.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000124
             -95.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000125
             -95.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000126
             -95.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000127
             -95.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000128
             -95.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000129
             -95.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012a
             -95.3s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012b
             -95.3s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012c
             -95.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012d
             -94.3s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\static-cdn1.ustream.tv\flash.viewer.sol
             -94.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\macromedia.com\support\flashplayer\sys\settings.sol
             -94.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012e
             -94.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00012f
             -93.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000130
             -93.7s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000131
             -90.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000132
             -90.3s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000133
             -90.1s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000134
             -89.9s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000135
             -89.6s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000136
             -89.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\macromedia.com\support\flashplayer\sys\#s.ytimg.com\
             -89.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol
             -89.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XWMTYTRG\s.ytimg.com\
             -88.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000137
             -85.2s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\
             -85.2s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\System.dll
             -85.0s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\WmiInspector.dll
             -84.8s C:\Users\Fred T\AppData\Local\Temp\nsw2AAA.tmp\inetc.dll
             -83.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\46\CA0E53C9C7AEEBB2.dat
             -83.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\Validate[1].exe
             -82.9s C:\Users\Fred T\AppData\Local\Temp\nsh33C2.tmp
             -82.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{41648331-496E-4DB3-A737-CEF584438061}
             -81.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\install_VO[1].htm
             -81.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\cmmdWriter[1].exe
             -75.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\setup_gmsd_us[1].exe
             -72.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000138
             -64.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{027D4CEF-DCB1-4A0D-BBF3-F71798B2E5E3}
             -63.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7FA09FE5-120C-4C5A-84C6-EE26D48EB65E}
             -60.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\88\6F5C30910C69E038.dat
             -58.0s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000139
             -57.5s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013a
             -54.2s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013b
             -53.4s C:\Users\Fred T\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00013c
             -38.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\infonaut-setup-1.10.0.14[1].exe
             -38.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{58AAD675-CC65-49B9-903F-FE5DF516F5C3}
             -37.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D6ED0B2A-94D1-48A3-8FF5-7FFED2EA06FB}
             -35.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\22\D0291656CB7671BA.dat
             -32.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{19C2D71E-A391-4A5A-94BC-16C2CCE21692}
             -28.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\60\DEF3627EE754C220.dat
             -25.4s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A34B45DD28A5DAEFDA3E0BA2FCE7DE24_1B475BE9523E51B446A2D36DD694BAEE
             -25.4s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A34B45DD28A5DAEFDA3E0BA2FCE7DE24_1B475BE9523E51B446A2D36DD694BAEE
             -25.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\84\E2E87F5C5E119958.dat
             -21.9s C:\Windows\Temp\SSL\
             -21.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2997410D-D5A8-4976-987D-EFD3869427F3}
             -21.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\SmartWebInstaller[1].exe
             -13.4s C:\Users\Fred T\AppData\Local\SmartWeb\
             -12.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\A081E7F8FD8CCED0.dat
             -10.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B9C81D15-E8C5-419B-921E-54E9E398DDB2}
             -8.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5F88FD83-84E8-4CE5-9AD3-F2060051A86D}
             -7.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\95\B7AAA9D685C34BFB.dat
             -6.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\69\DD22A8152D19A8C5.dat
             -6.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\Setup[1].exe
             -6.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F4CA92B2-8625-4649-A315-304007B7117A}
             -3.2s C:\ProgramData\f1f79be1b22d4745a00de8e75c24f32b\
             -3.1s C:\ProgramData\f1f79be1b22d4745a00de8e75c24f32b\9fb22ce36a094764a7909432b6d7570a
             -3.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{627F2E20-EE99-45E3-87D7-EF9C0A370F7B}
             -2.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\23\001B6585DA9EAAAB.dat
             -0.2s C:\ProgramData\6cfc113f2ace4beb9e169e92d8095b1a\
              0.0s C:\ProgramData\6cfc113f2ace4beb9e169e92d8095b1a\6cfc113f2ace4beb9e169e92d8095b1a.exe
              3.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{FCC7CA29-5C84-4281-854E-3559DDC1D94C}
              5.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AFAE87BF-961F-4284-BD8B-1EEB7AC97FB7}
              6.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EC821F95-4C6D-417B-875E-C9A7A97E98BA}
             16.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3831A3C1-18E1-49A1-BED5-DD9599E80583}
             39.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\47\9327C9AD6D219317.dat
    
       C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\policyname[1].exe
          Size . . . . . . . : 82,999 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:19:17)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : B7B2AB5988B5650C9628400A17A2E2594E8CA58FC15752FE9517A22C2F6F835C
          Source URL . . . . : hxxp://d10huri5h4o4a3.cloudfront.net/policyname.exe
          Fuzzy  . . . . . . : 16.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -37.2s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.6784.dmp
             -37.2s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_feae1a5472f0c2df740ab48028f9a9f741eaf4_1e11c062\
             -37.2s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_feae1a5472f0c2df740ab48028f9a9f741eaf4_1e11c062\Report.wer
             -36.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\setup_362[1].exe
             -36.0s C:\Users\Fred T\AppData\Local\Temp\jueC523.tmp
             -35.6s C:\Windows\Temp\DCL.log
             -35.2s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\DCL\
             -35.2s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\DCL\DCL.ini
             -35.2s C:\Windows\SysWOW64\DCLOff.ini
             -35.2s C:\Windows\System32\DCLOff.ini
             -34.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\FinalInstaller_dotnet4[1].exe
             -34.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\25\
             -34.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\25\461A879C00D56D8D.dat
             -34.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{92F4BF1B-A58B-4BA5-95C4-6C9F7EC1F579}
             -34.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\01\7B1DC41E0D684219.dat
             -33.6s C:\Users\Fred T\AppData\Local\Temp\jueC523.exe
             -30.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\90\1D461929122F1E1E.dat
             -30.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B29BAF4D-468F-4DA1-991E-F7CC8B9D5539}
             -29.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\01\7B1DC41E0D684219.dat
             -26.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\fa1b0bd2e7d0db959cc89f072bcc2425[1].htm
             -25.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012015042020150421\
             -25.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012015042020150421\container.dat
              0.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\policyname[1].exe
              3.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\0[1].gif
              4.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\3333-5860_SpeedCheck[1].exe
              9.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\65\768BD1BD23E19DFD.dat
              9.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2E346698-15CD-4C01-9DE4-0DA109D4B1AD}
             10.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E99EC35F-5BB8-4E13-A81F-3E5D91D4B8D0}
             10.6s C:\Users\Fred T\AppData\Local\Temp\320DF1DA-9800-E4D7-B05F-043FCDE94F97.dll
             10.6s C:\Users\Fred T\AppData\Local\Temp\320DF1DA-9800-E4D7-B05F-043FCDE94F97.exe
             10.9s C:\Users\Fred T\AppData\Local\Temp\F961713E-A861-92C9-A60A-A2B7112B3CC4.exe
             11.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\60\B59412139A83F9F0.dat
             12.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F0A3011D-2A51-4314-9E6A-C1FB93BBF61D}
             12.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\51\408335CD75A0055B.dat
             12.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\51\
             14.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D332F75F-9A1D-48F9-A50F-A10195D1A7BF}
             15.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\12\F8D0F172BF8D115C.dat
             15.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\12\
             16.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A24C5327-3FED-45A7-9796-1B39228554CE}
             17.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\02\FC5BBCA7C4B52A6E.dat
             17.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EC6B0E54-D1D9-42D5-8444-523652BCBAD0}
             17.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E3D85229-8549-47C9-9144-A0B86230FA0D}
             21.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\VuuPC_VO2_8907[1].exe
             27.4s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\
             27.4s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\System.dll
             27.4s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\nsDialogs.dll
             27.4s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\header.bmp
             27.7s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\registry.dll
             27.7s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\Math.dll
             27.8s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\blowfish.dll
             27.8s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\UserInfo.dll
             27.8s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\GetVersion.dll
             27.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\manlib.dll
             27.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\FirstResult.txt
             29.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\59\30C3A5A083DC27D3.dat
             29.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D9A3F49E-2527-4B0E-9CFD-1E34654EE18A}
             29.7s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\SecondResult.txt
             30.6s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\serlib.dll
             30.6s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\Offer2.zip
             30.6s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\Offer1.zip
             30.6s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\Offer3.zip
             30.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\nsisunz.dll
             30.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\OfferScreen_374.html
             30.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\start-bullet.jpg
             30.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\inner.png
             30.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\OfferScreen_384.html
             30.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\OfferScreen_392.html
             30.9s C:\Users\Fred T\AppData\Local\Temp\nscBCBB.tmp\nsWeb_DispOffr.dll
             54.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{74D85C42-CC71-45FD-8A1B-E553AC3EFE2C}
    
       C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\ciwr[1].exe
          Size . . . . . . . : 78,497 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:15:02)
          Entropy  . . . . . : 7.5
          SHA-256  . . . . . : DA385298654854F603CB1A84A9DE457C94513B1D53EA2B02E5BCD8B3C9D9B5D4
          Source URL . . . . : hxxp://d3jydz90x0ejp8.cloudfront.net/ciwr.exe
          Fuzzy  . . . . . . : 16.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -26.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\
             -26.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\Report.wer
             -26.2s C:\Users\Fred T\AppData\Local\CrashDumps\Gambali.exe.1184.dmp
             -16.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\27\1ACC9982CD14BE13.dat
             -16.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DA0E5196-E2E8-4BFC-BDE6-0D3C7CCC7A7E}
             -10.8s C:\Windows\System32\Tasks\WRGSRGEXO
             -9.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\setup[1].exe
             -8.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\
             -8.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\B33F7D4E37774B36.dat
             -7.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8005373-5ACD-4DE9-8541-2C8C687FB639}
             -5.8s C:\Users\Fred T\AppData\Local\Temp\1011.exe
             -4.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D78F8E44-1B7D-4145-BB25-5E1E07A728E3}
             -4.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C14A56E-D3C5-45FA-9A1D-F4215A9925D4}
             -4.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[1].gif
             -3.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\40\7D8B732F1525A240.dat
             -3.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\42\FADF0E9840820252.dat
             -3.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[1].gif
             -3.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[1].gif
             -3.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].003
             -3.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].001
             -3.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].005
             -3.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].002
             -3.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].004
              0.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\ciwr[1].exe
              1.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{107E38CB-54B6-4B22-8A27-A9231D622051}
              1.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EBA1D570-FF2F-4D82-AA2E-9E1EDA11744B}
              3.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\0[1].gif
              4.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[1].gif
              4.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[1].gif
              4.4s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
              4.4s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
              4.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\SearchUpdater[1].exe
              4.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\06\D546D399989DC03A.dat
             10.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[2].gif
             11.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\installer-error[1].gif
             11.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8DB7ADA1-EED8-4F1D-AD33-F8E81E374C36}
             11.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\monetization[1].gif
             11.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\monetization[1].gif
             11.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[1].gif
             11.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[1].gif
             11.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\53\D97B12D8753CE431.dat
             11.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\analytics[1].htm
             11.8s C:\Users\Fred T\AppData\Local\Temp\nsl9C53.tmp
             12.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\bundle_353[1].exe
             12.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[2].gif
             12.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[1].gif
             13.6s C:\Users\Fred T\AppData\Local\Temp\mVOA38F.tmp
             14.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\OfferInstaller_dotnet4[1].exe
             14.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[2].gif
             15.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\12\47BCE53BD7B797B0.dat
             15.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\igsSetup[1].exe
             18.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[1].gif
             20.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[2].gif
             21.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4702A49C-7886-4EA5-9011-58EC1C07CB7D}
             24.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\66\B003092BB3CF6292.dat
             26.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\IGSrv[1].exe
             27.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\43E3DFBC7DFD65C4.dat
             37.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\69\7840651B31875D91.dat
             38.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\runasu[1].exe
             42.2s C:\Users\Fred T\AppData\Local\Temp\MSI71313.LOG
             45.3s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\
             45.3s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_35.zip
             45.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\01\06C6927F8EA8E98D.dat
             46.0s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\
             46.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[3].gif
             47.0s C:\Users\Fred T\AppData\Local\Temp\inet.txt
             47.5s C:\Users\Fred T\AppData\Local\Temp\nsq27FD.tmp
             47.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2B05DA74-680F-4888-BE91-0C7F66042647}
             48.3s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             48.3s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             48.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\spstub[1].exe
             48.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[2].gif
             48.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\18\A559AD194943029A.dat
             48.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\spstub[1].exe
             50.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\bBOfYV0[1].exe
             50.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F841CBEE-03E1-4DF8-8253-C5EEF481E248}
             51.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1399280E-5339-4B26-B1C3-386CA78B8936}
             51.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A192F27F-D717-4DA3-B193-D866F1835605}
             51.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{60BD1791-C59F-4B07-B986-71A087DF7C3A}
             51.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\51\D94A201A281C8DDF.dat
             52.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Setup[1].exe
             53.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\OrbiterInstaller[1].exe
             55.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[3].gif
             55.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\monetization[1].gif
             56.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\setup[2].exe
             56.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{291937BB-1DDB-4E57-B3C7-B10CB5AE880B}
             57.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\CT3333887[1].json
             57.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\6AE25EB025F8DE43.dat
             57.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\32\C765A9A08C85783C.dat
             59.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0F3A0CD5-9469-4829-824F-09975B2C7392}
             61.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[1].xml
             63.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\ip[1].json
             64.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\settings[1].json
             65.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{90B1A6D0-2A83-4AD6-B8FE-CA28E5B2608A}
             70.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{96C28D7C-119A-4F29-BE5B-253000146776}
             70.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[1].gif
             72.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[1].xml
             77.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[1].gif
             77.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[1].gif
             77.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[2].gif
             80.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9440EA01-072D-441F-9E13-CBA4F60D564E}
             81.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{541BC465-F36E-43F2-A048-AAAF5DDFC151}
             81.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{61B22D83-306D-425D-A0AB-95A11D884DF8}
             81.7s C:\Program Files (x86)\IGS\
             81.7s C:\Program Files (x86)\IGS\DCCert.dll
             81.9s C:\Program Files (x86)\IGS\libnspr4.dll
             82.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{166AAB16-FF46-4FA0-994E-2DC7E793FD08}
             82.5s C:\Program Files (x86)\IGS\libplc4.dll
             82.5s C:\Program Files (x86)\IGS\libplds4.dll
             82.5s C:\Program Files (x86)\IGS\nss3.dll
             83.2s C:\Program Files (x86)\IGS\nssutil3.dll
             83.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C19A4CF-3DEA-4923-B364-3838490E6CAA}
             83.3s C:\Program Files (x86)\IGS\smime3.dll
             83.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2825C34F-7667-4531-86BB-3C956A597F39}
             84.2s C:\Program Files (x86)\IGS\DCL.exe
             84.6s C:\Users\Fred T\AppData\Local\Temp\DCLr.log
             87.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0ED9D986-5182-4E27-A61F-09A59A8B1E2E}
             91.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\manifest[1].xml
             101.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BF51600-B1BA-4386-A36F-55430FB53A6D}
             101.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\stats[1].gif
             102.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\740ED77010BBAD30.dat
             103.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\manifest[1].xml
             104.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\43\EF59A4B2616D7B8B.dat
             108.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B423B302-14A4-439D-82B0-AC4A2DD9A50A}
             108.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\apps[1].gif
             108.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[3].gif
             108.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[3].gif
             114.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[4].gif
             114.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[3].gif
             114.7s C:\Windows\Tasks\dedlXKDSO19cQpfmuc2duef1YuO.job
             115.2s C:\Windows\System32\Tasks\dedlXKDSO19cQpfmuc2duef1YuO
             115.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9C397BB8-54C2-4346-A48A-73345781CE0A}
             115.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5FF714D3-46C7-4376-9415-C113469AE85E}
             116.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EA87CADC-69D7-4DE3-828E-FBCD356D117E}
             116.9s C:\Users\Fred T\AppData\Roaming\dedlXKDSO19cQpfmuc2duef1YuO
             117.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[1].gif
             117.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[1].gif
             117.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\monetization[1].gif
             119.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DE0763A5-4274-4CD0-84BD-88D5C50594C7}
             120.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[4].gif
             121.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\82\4B6A7FB6953CFCA6.dat
             122.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\FPT6R3DS.json
             122.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[2].gif
             122.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\installer-error[1].gif
             122.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\monetization[1].gif
             122.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[2].gif
             122.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[2].gif
             123.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[4].gif
             124.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[2].gif
             126.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[5].gif
             128.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[4].gif
             129.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[5].gif
             131.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D65E069C-3A38-41EC-829F-C40D6531D113}
             133.6s C:\Users\Fred T\AppData\Local\Temp\MSI87761.LOG
             134.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[4].gif
             135.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2D09BC30-5A7C-4A4F-818E-891655A1F27D}
             142.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[2].xml
             144.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\71\C7713C33E31833AB.dat
             144.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[2].gif
             144.6s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\
             144.6s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\Report.wer
             144.6s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.620.dmp
             144.8s C:\Users\Fred T\AppData\Local\Temp\DCLR.ini.log
             146.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[2].xml
             146.1s C:\Windows\SysWOW64\DCL.dll
             146.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CB202BDE-9478-433C-80ED-03C08A73B62E}
             149.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[2].gif
             150.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[3].gif
             150.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[6].gif
             156.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\manifest[1].xml
             159.0s C:\Windows\Temp\DCLr.log
             159.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\stats[1].gif
             161.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\manifest[1].xml
             161.4s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\
             161.4s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\Report.wer
             161.4s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.7592.dmp
             166.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\apps[1].gif
             166.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[2].gif
             167.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[5].gif
             171.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[4].gif
             171.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[7].gif
             171.4s C:\Windows\Tasks\h2QOYJzAu.job
             171.4s C:\Windows\System32\Tasks\h2QOYJzAu
             172.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2F115374-555E-4D35-BE65-5DBC2876451E}
             172.4s C:\Users\Fred T\AppData\Roaming\h2QOYJzAu
             174.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\installer[1].gif
             174.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[2].gif
             174.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[3].gif
    
       C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\igsSetup[1].exe
          Size . . . . . . . : 495,192 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:15:17)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 8A5790468F03A10A4E80CD414F198D1B379BFA9BBCB407EA6A55374AB56E6E38
          Source URL . . . . : hxxp://d2fpsq9kg43yka.cloudfront.net/igsSetup.exe
          Fuzzy  . . . . . . : 16.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -41.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\
             -41.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\Report.wer
             -41.7s C:\Users\Fred T\AppData\Local\CrashDumps\Gambali.exe.1184.dmp
             -31.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\27\1ACC9982CD14BE13.dat
             -31.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DA0E5196-E2E8-4BFC-BDE6-0D3C7CCC7A7E}
             -26.3s C:\Windows\System32\Tasks\WRGSRGEXO
             -24.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\setup[1].exe
             -23.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\
             -23.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\B33F7D4E37774B36.dat
             -22.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8005373-5ACD-4DE9-8541-2C8C687FB639}
             -21.3s C:\Users\Fred T\AppData\Local\Temp\1011.exe
             -20.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D78F8E44-1B7D-4145-BB25-5E1E07A728E3}
             -19.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C14A56E-D3C5-45FA-9A1D-F4215A9925D4}
             -19.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[1].gif
             -19.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\40\7D8B732F1525A240.dat
             -19.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\42\FADF0E9840820252.dat
             -19.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[1].gif
             -18.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[1].gif
             -18.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].003
             -18.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].001
             -18.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].005
             -18.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].002
             -18.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].004
             -15.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\ciwr[1].exe
             -14.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{107E38CB-54B6-4B22-8A27-A9231D622051}
             -13.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EBA1D570-FF2F-4D82-AA2E-9E1EDA11744B}
             -12.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\0[1].gif
             -11.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[1].gif
             -11.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[1].gif
             -11.1s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
             -11.1s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
             -11.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\SearchUpdater[1].exe
             -10.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\06\D546D399989DC03A.dat
             -4.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[2].gif
             -4.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\installer-error[1].gif
             -4.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8DB7ADA1-EED8-4F1D-AD33-F8E81E374C36}
             -4.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\monetization[1].gif
             -4.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\monetization[1].gif
             -4.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[1].gif
             -4.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[1].gif
             -4.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\53\D97B12D8753CE431.dat
             -3.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\analytics[1].htm
             -3.7s C:\Users\Fred T\AppData\Local\Temp\nsl9C53.tmp
             -3.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\bundle_353[1].exe
             -3.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[2].gif
             -3.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[1].gif
             -1.9s C:\Users\Fred T\AppData\Local\Temp\mVOA38F.tmp
             -0.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\OfferInstaller_dotnet4[1].exe
             -0.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[2].gif
             -0.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\12\47BCE53BD7B797B0.dat
              0.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\igsSetup[1].exe
              3.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[1].gif
              5.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[2].gif
              6.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4702A49C-7886-4EA5-9011-58EC1C07CB7D}
              9.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\66\B003092BB3CF6292.dat
             11.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\IGSrv[1].exe
             11.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\43E3DFBC7DFD65C4.dat
             22.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\69\7840651B31875D91.dat
             22.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\runasu[1].exe
             26.7s C:\Users\Fred T\AppData\Local\Temp\MSI71313.LOG
             29.8s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\
             29.8s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_35.zip
             30.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\01\06C6927F8EA8E98D.dat
             30.5s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\
             31.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[3].gif
             31.5s C:\Users\Fred T\AppData\Local\Temp\inet.txt
             32.0s C:\Users\Fred T\AppData\Local\Temp\nsq27FD.tmp
             32.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2B05DA74-680F-4888-BE91-0C7F66042647}
             32.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             32.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             32.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\spstub[1].exe
             33.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[2].gif
             33.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\18\A559AD194943029A.dat
             33.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\spstub[1].exe
             34.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\bBOfYV0[1].exe
             34.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F841CBEE-03E1-4DF8-8253-C5EEF481E248}
             35.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1399280E-5339-4B26-B1C3-386CA78B8936}
             36.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A192F27F-D717-4DA3-B193-D866F1835605}
             36.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{60BD1791-C59F-4B07-B986-71A087DF7C3A}
             36.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\51\D94A201A281C8DDF.dat
             36.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Setup[1].exe
             37.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\OrbiterInstaller[1].exe
             40.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[3].gif
             40.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\monetization[1].gif
             40.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\setup[2].exe
             40.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{291937BB-1DDB-4E57-B3C7-B10CB5AE880B}
             41.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\CT3333887[1].json
             42.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\6AE25EB025F8DE43.dat
             42.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\32\C765A9A08C85783C.dat
             44.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0F3A0CD5-9469-4829-824F-09975B2C7392}
             46.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[1].xml
             48.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\ip[1].json
             48.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\settings[1].json
             49.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{90B1A6D0-2A83-4AD6-B8FE-CA28E5B2608A}
             55.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{96C28D7C-119A-4F29-BE5B-253000146776}
             55.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[1].gif
             56.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[1].xml
             61.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[1].gif
             61.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[1].gif
             61.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[2].gif
             65.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9440EA01-072D-441F-9E13-CBA4F60D564E}
             65.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{541BC465-F36E-43F2-A048-AAAF5DDFC151}
             65.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{61B22D83-306D-425D-A0AB-95A11D884DF8}
             66.2s C:\Program Files (x86)\IGS\
             66.2s C:\Program Files (x86)\IGS\DCCert.dll
             66.4s C:\Program Files (x86)\IGS\libnspr4.dll
             66.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{166AAB16-FF46-4FA0-994E-2DC7E793FD08}
             67.0s C:\Program Files (x86)\IGS\libplc4.dll
             67.0s C:\Program Files (x86)\IGS\libplds4.dll
             67.0s C:\Program Files (x86)\IGS\nss3.dll
             67.7s C:\Program Files (x86)\IGS\nssutil3.dll
             67.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C19A4CF-3DEA-4923-B364-3838490E6CAA}
             67.8s C:\Program Files (x86)\IGS\smime3.dll
             68.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2825C34F-7667-4531-86BB-3C956A597F39}
             68.7s C:\Program Files (x86)\IGS\DCL.exe
             69.1s C:\Users\Fred T\AppData\Local\Temp\DCLr.log
             72.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0ED9D986-5182-4E27-A61F-09A59A8B1E2E}
             75.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\manifest[1].xml
             85.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BF51600-B1BA-4386-A36F-55430FB53A6D}
             86.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\stats[1].gif
             87.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\740ED77010BBAD30.dat
             88.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\manifest[1].xml
             89.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\43\EF59A4B2616D7B8B.dat
             92.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B423B302-14A4-439D-82B0-AC4A2DD9A50A}
             93.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\apps[1].gif
             93.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[3].gif
             93.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[3].gif
             98.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[4].gif
             98.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[3].gif
             99.2s C:\Windows\Tasks\dedlXKDSO19cQpfmuc2duef1YuO.job
             99.7s C:\Windows\System32\Tasks\dedlXKDSO19cQpfmuc2duef1YuO
             99.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9C397BB8-54C2-4346-A48A-73345781CE0A}
             99.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5FF714D3-46C7-4376-9415-C113469AE85E}
             101.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EA87CADC-69D7-4DE3-828E-FBCD356D117E}
             101.4s C:\Users\Fred T\AppData\Roaming\dedlXKDSO19cQpfmuc2duef1YuO
             101.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[1].gif
             102.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[1].gif
             102.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\monetization[1].gif
             104.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DE0763A5-4274-4CD0-84BD-88D5C50594C7}
             105.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[4].gif
             106.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\82\4B6A7FB6953CFCA6.dat
             107.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\FPT6R3DS.json
             107.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[2].gif
             107.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\installer-error[1].gif
             107.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\monetization[1].gif
             107.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[2].gif
             107.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[2].gif
             107.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[4].gif
             108.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[2].gif
             111.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[5].gif
             113.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[4].gif
             113.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[5].gif
             116.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D65E069C-3A38-41EC-829F-C40D6531D113}
             118.1s C:\Users\Fred T\AppData\Local\Temp\MSI87761.LOG
             119.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[4].gif
             119.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2D09BC30-5A7C-4A4F-818E-891655A1F27D}
             126.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[2].xml
             128.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\71\C7713C33E31833AB.dat
             129.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[2].gif
             129.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\
             129.1s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\Report.wer
             129.2s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.620.dmp
             129.3s C:\Users\Fred T\AppData\Local\Temp\DCLR.ini.log
             130.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[2].xml
             130.6s C:\Windows\SysWOW64\DCL.dll
             131.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CB202BDE-9478-433C-80ED-03C08A73B62E}
             134.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[2].gif
             134.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[3].gif
             134.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[6].gif
             141.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\manifest[1].xml
             143.5s C:\Windows\Temp\DCLr.log
             143.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\stats[1].gif
             145.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\manifest[1].xml
             145.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\
             145.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\Report.wer
             146.0s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.7592.dmp
             151.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\apps[1].gif
             151.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[2].gif
             151.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[5].gif
             155.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[4].gif
             155.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[7].gif
             155.9s C:\Windows\Tasks\h2QOYJzAu.job
             155.9s C:\Windows\System32\Tasks\h2QOYJzAu
             156.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2F115374-555E-4D35-BE65-5DBC2876451E}
             156.9s C:\Users\Fred T\AppData\Roaming\h2QOYJzAu
             158.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\installer[1].gif
             159.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[2].gif
             159.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[3].gif
    
       C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\OfferInstaller_dotnet4[1].exe
          Size . . . . . . . : 305,152 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:15:17)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 55A91DD06DB6F58143D29ABE1DCB06E48A3FBED2B57F2045B837FD663699FE95
          Needs elevation  . : Yes
          Product  . . . . . : OfferInstaller
          Source URL . . . . : hxxp://direct.downthat.com/353/OfferInstaller_dotnet4.exe
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 16.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -41.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\
             -41.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\Report.wer
             -41.0s C:\Users\Fred T\AppData\Local\CrashDumps\Gambali.exe.1184.dmp
             -31.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\27\1ACC9982CD14BE13.dat
             -31.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DA0E5196-E2E8-4BFC-BDE6-0D3C7CCC7A7E}
             -25.6s C:\Windows\System32\Tasks\WRGSRGEXO
             -23.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\setup[1].exe
             -22.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\
             -22.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\B33F7D4E37774B36.dat
             -21.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8005373-5ACD-4DE9-8541-2C8C687FB639}
             -20.5s C:\Users\Fred T\AppData\Local\Temp\1011.exe
             -19.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D78F8E44-1B7D-4145-BB25-5E1E07A728E3}
             -19.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C14A56E-D3C5-45FA-9A1D-F4215A9925D4}
             -18.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[1].gif
             -18.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\40\7D8B732F1525A240.dat
             -18.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\42\FADF0E9840820252.dat
             -18.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[1].gif
             -18.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[1].gif
             -17.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].003
             -17.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].001
             -17.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].005
             -17.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].002
             -17.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].004
             -14.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\ciwr[1].exe
             -13.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{107E38CB-54B6-4B22-8A27-A9231D622051}
             -13.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EBA1D570-FF2F-4D82-AA2E-9E1EDA11744B}
             -11.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\0[1].gif
             -10.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[1].gif
             -10.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[1].gif
             -10.4s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
             -10.4s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
             -10.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\SearchUpdater[1].exe
             -9.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\06\D546D399989DC03A.dat
             -3.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[2].gif
             -3.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\installer-error[1].gif
             -3.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8DB7ADA1-EED8-4F1D-AD33-F8E81E374C36}
             -3.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\monetization[1].gif
             -3.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\monetization[1].gif
             -3.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[1].gif
             -3.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[1].gif
             -3.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\53\D97B12D8753CE431.dat
             -3.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\analytics[1].htm
             -3.0s C:\Users\Fred T\AppData\Local\Temp\nsl9C53.tmp
             -2.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\bundle_353[1].exe
             -2.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[2].gif
             -2.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[1].gif
             -1.1s C:\Users\Fred T\AppData\Local\Temp\mVOA38F.tmp
              0.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\OfferInstaller_dotnet4[1].exe
              0.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[2].gif
              0.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\12\47BCE53BD7B797B0.dat
              0.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\igsSetup[1].exe
              4.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[1].gif
              6.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[2].gif
              7.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4702A49C-7886-4EA5-9011-58EC1C07CB7D}
             10.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\66\B003092BB3CF6292.dat
             11.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\IGSrv[1].exe
             12.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\43E3DFBC7DFD65C4.dat
             23.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\69\7840651B31875D91.dat
             23.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\runasu[1].exe
             27.5s C:\Users\Fred T\AppData\Local\Temp\MSI71313.LOG
             30.5s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\
             30.5s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_35.zip
             30.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\01\06C6927F8EA8E98D.dat
             31.3s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\
             32.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[3].gif
             32.3s C:\Users\Fred T\AppData\Local\Temp\inet.txt
             32.8s C:\Users\Fred T\AppData\Local\Temp\nsq27FD.tmp
             33.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2B05DA74-680F-4888-BE91-0C7F66042647}
             33.5s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             33.5s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             33.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\spstub[1].exe
             33.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[2].gif
             33.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\18\A559AD194943029A.dat
             33.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\spstub[1].exe
             35.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\bBOfYV0[1].exe
             35.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F841CBEE-03E1-4DF8-8253-C5EEF481E248}
             36.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1399280E-5339-4B26-B1C3-386CA78B8936}
             36.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A192F27F-D717-4DA3-B193-D866F1835605}
             36.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{60BD1791-C59F-4B07-B986-71A087DF7C3A}
             36.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\51\D94A201A281C8DDF.dat
             37.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Setup[1].exe
             38.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\OrbiterInstaller[1].exe
             40.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[3].gif
             40.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\monetization[1].gif
             41.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\setup[2].exe
             41.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{291937BB-1DDB-4E57-B3C7-B10CB5AE880B}
             42.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\CT3333887[1].json
             42.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\6AE25EB025F8DE43.dat
             42.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\32\C765A9A08C85783C.dat
             44.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0F3A0CD5-9469-4829-824F-09975B2C7392}
             47.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[1].xml
             49.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\ip[1].json
             49.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\settings[1].json
             50.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{90B1A6D0-2A83-4AD6-B8FE-CA28E5B2608A}
             55.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{96C28D7C-119A-4F29-BE5B-253000146776}
             55.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[1].gif
             57.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[1].xml
             62.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[1].gif
             62.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[1].gif
             62.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[2].gif
             66.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9440EA01-072D-441F-9E13-CBA4F60D564E}
             66.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{541BC465-F36E-43F2-A048-AAAF5DDFC151}
             66.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{61B22D83-306D-425D-A0AB-95A11D884DF8}
             66.9s C:\Program Files (x86)\IGS\
             67.0s C:\Program Files (x86)\IGS\DCCert.dll
             67.1s C:\Program Files (x86)\IGS\libnspr4.dll
             67.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{166AAB16-FF46-4FA0-994E-2DC7E793FD08}
             67.7s C:\Program Files (x86)\IGS\libplc4.dll
             67.7s C:\Program Files (x86)\IGS\libplds4.dll
             67.8s C:\Program Files (x86)\IGS\nss3.dll
             68.4s C:\Program Files (x86)\IGS\nssutil3.dll
             68.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C19A4CF-3DEA-4923-B364-3838490E6CAA}
             68.6s C:\Program Files (x86)\IGS\smime3.dll
             69.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2825C34F-7667-4531-86BB-3C956A597F39}
             69.5s C:\Program Files (x86)\IGS\DCL.exe
             69.9s C:\Users\Fred T\AppData\Local\Temp\DCLr.log
             73.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0ED9D986-5182-4E27-A61F-09A59A8B1E2E}
             76.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\manifest[1].xml
             86.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BF51600-B1BA-4386-A36F-55430FB53A6D}
             87.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\stats[1].gif
             87.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\740ED77010BBAD30.dat
             89.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\manifest[1].xml
             90.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\43\EF59A4B2616D7B8B.dat
             93.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B423B302-14A4-439D-82B0-AC4A2DD9A50A}
             93.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\apps[1].gif
             93.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[3].gif
             93.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[3].gif
             99.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[4].gif
             99.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[3].gif
             99.9s C:\Windows\Tasks\dedlXKDSO19cQpfmuc2duef1YuO.job
             100.5s C:\Windows\System32\Tasks\dedlXKDSO19cQpfmuc2duef1YuO
             100.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9C397BB8-54C2-4346-A48A-73345781CE0A}
             100.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5FF714D3-46C7-4376-9415-C113469AE85E}
             102.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EA87CADC-69D7-4DE3-828E-FBCD356D117E}
             102.2s C:\Users\Fred T\AppData\Roaming\dedlXKDSO19cQpfmuc2duef1YuO
             102.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[1].gif
             102.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[1].gif
             102.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\monetization[1].gif
             105.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DE0763A5-4274-4CD0-84BD-88D5C50594C7}
             106.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[4].gif
             106.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\82\4B6A7FB6953CFCA6.dat
             107.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\FPT6R3DS.json
             108.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[2].gif
             108.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\installer-error[1].gif
             108.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\monetization[1].gif
             108.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[2].gif
             108.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[2].gif
             108.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[4].gif
             109.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[2].gif
             111.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[5].gif
             113.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[4].gif
             114.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[5].gif
             116.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D65E069C-3A38-41EC-829F-C40D6531D113}
             118.8s C:\Users\Fred T\AppData\Local\Temp\MSI87761.LOG
             119.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[4].gif
             120.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2D09BC30-5A7C-4A4F-818E-891655A1F27D}
             127.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[2].xml
             129.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\71\C7713C33E31833AB.dat
             129.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[2].gif
             129.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\
             129.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\Report.wer
             129.9s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.620.dmp
             130.0s C:\Users\Fred T\AppData\Local\Temp\DCLR.ini.log
             131.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[2].xml
             131.3s C:\Windows\SysWOW64\DCL.dll
             131.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CB202BDE-9478-433C-80ED-03C08A73B62E}
             135.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[2].gif
             135.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[3].gif
             135.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[6].gif
             141.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\manifest[1].xml
             144.2s C:\Windows\Temp\DCLr.log
             144.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\stats[1].gif
             146.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\manifest[1].xml
             146.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\
             146.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\Report.wer
             146.7s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.7592.dmp
             152.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\apps[1].gif
             152.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[2].gif
             152.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[5].gif
             156.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[4].gif
             156.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[7].gif
             156.6s C:\Windows\Tasks\h2QOYJzAu.job
             156.6s C:\Windows\System32\Tasks\h2QOYJzAu
             157.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2F115374-555E-4D35-BE65-5DBC2876451E}
             157.6s C:\Users\Fred T\AppData\Roaming\h2QOYJzAu
             159.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\installer[1].gif
             159.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[2].gif
             159.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[3].gif
    
       C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\SearchUpdater[1].exe
          Size . . . . . . . : 151,475 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:15:06)
          Entropy  . . . . . : 7.8
          SHA-256  . . . . . : D993F669B96C2284E10B5DDB4EE0018D731B48737D13003562A6B3E000311BB1
          Source URL . . . . : hxxps://s3.amazonaws.com/cf_vopackage/SysInfo/SearchUpdater.exe
          Fuzzy  . . . . . . : 16.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -30.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\
             -30.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gambali.exe_9112c11f1c5982e24b63994e3fe9c0bc1f3949d_1462079e\Report.wer
             -30.7s C:\Users\Fred T\AppData\Local\CrashDumps\Gambali.exe.1184.dmp
             -20.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\27\1ACC9982CD14BE13.dat
             -20.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DA0E5196-E2E8-4BFC-BDE6-0D3C7CCC7A7E}
             -15.3s C:\Windows\System32\Tasks\WRGSRGEXO
             -13.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\setup[1].exe
             -12.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\
             -12.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\4\78\B33F7D4E37774B36.dat
             -11.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8005373-5ACD-4DE9-8541-2C8C687FB639}
             -10.2s C:\Users\Fred T\AppData\Local\Temp\1011.exe
             -9.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D78F8E44-1B7D-4145-BB25-5E1E07A728E3}
             -8.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C14A56E-D3C5-45FA-9A1D-F4215A9925D4}
             -8.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[1].gif
             -8.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\40\7D8B732F1525A240.dat
             -8.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\42\FADF0E9840820252.dat
             -8.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[1].gif
             -7.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[1].gif
             -7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].003
             -7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].001
             -7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].005
             -7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].002
             -7.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\chrome.zip[1].004
             -4.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\ciwr[1].exe
             -3.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{107E38CB-54B6-4B22-8A27-A9231D622051}
             -2.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EBA1D570-FF2F-4D82-AA2E-9E1EDA11744B}
             -1.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\0[1].gif
             -0.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[1].gif
             -0.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[1].gif
             -0.1s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
             -0.1s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2427C246DCF85A06DD675914EDA68038_E4B725222B89E6A15D797C64F1F9C77F
              0.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\SearchUpdater[1].exe
              0.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\06\D546D399989DC03A.dat
              6.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\installer[2].gif
              6.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\installer-error[1].gif
              6.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8DB7ADA1-EED8-4F1D-AD33-F8E81E374C36}
              6.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\monetization[1].gif
              6.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\monetization[1].gif
              6.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[1].gif
              6.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[1].gif
              6.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\53\D97B12D8753CE431.dat
              7.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\analytics[1].htm
              7.3s C:\Users\Fred T\AppData\Local\Temp\nsl9C53.tmp
              7.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\bundle_353[1].exe
              8.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[2].gif
              8.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[1].gif
              9.2s C:\Users\Fred T\AppData\Local\Temp\mVOA38F.tmp
             10.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\OfferInstaller_dotnet4[1].exe
             10.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[2].gif
             11.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\12\47BCE53BD7B797B0.dat
             11.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\igsSetup[1].exe
             14.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[1].gif
             16.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[2].gif
             17.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4702A49C-7886-4EA5-9011-58EC1C07CB7D}
             20.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\66\B003092BB3CF6292.dat
             22.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\IGSrv[1].exe
             22.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\43E3DFBC7DFD65C4.dat
             33.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\69\7840651B31875D91.dat
             33.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\runasu[1].exe
             37.8s C:\Users\Fred T\AppData\Local\Temp\MSI71313.LOG
             40.8s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\
             40.8s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_35.zip
             41.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\01\06C6927F8EA8E98D.dat
             41.6s C:\Users\Fred T\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\
             42.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[3].gif
             42.6s C:\Users\Fred T\AppData\Local\Temp\inet.txt
             43.1s C:\Users\Fred T\AppData\Local\Temp\nsq27FD.tmp
             43.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2B05DA74-680F-4888-BE91-0C7F66042647}
             43.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             43.8s C:\Users\Fred T\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_E06A9A2F47903CF38BAFAA99B1C81168
             43.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\spstub[1].exe
             44.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[2].gif
             44.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\18\A559AD194943029A.dat
             44.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\spstub[1].exe
             45.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\bBOfYV0[1].exe
             45.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F841CBEE-03E1-4DF8-8253-C5EEF481E248}
             46.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1399280E-5339-4B26-B1C3-386CA78B8936}
             47.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A192F27F-D717-4DA3-B193-D866F1835605}
             47.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{60BD1791-C59F-4B07-B986-71A087DF7C3A}
             47.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\51\D94A201A281C8DDF.dat
             47.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\Setup[1].exe
             48.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\OrbiterInstaller[1].exe
             51.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[3].gif
             51.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\monetization[1].gif
             51.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\setup[2].exe
             52.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{291937BB-1DDB-4E57-B3C7-B10CB5AE880B}
             52.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\CT3333887[1].json
             53.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\31\6AE25EB025F8DE43.dat
             53.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\32\C765A9A08C85783C.dat
             55.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0F3A0CD5-9469-4829-824F-09975B2C7392}
             57.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[1].xml
             59.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\ip[1].json
             59.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\settings[1].json
             60.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{90B1A6D0-2A83-4AD6-B8FE-CA28E5B2608A}
             66.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{96C28D7C-119A-4F29-BE5B-253000146776}
             66.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[1].gif
             67.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[1].xml
             72.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[1].gif
             72.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[1].gif
             72.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[2].gif
             76.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9440EA01-072D-441F-9E13-CBA4F60D564E}
             76.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{541BC465-F36E-43F2-A048-AAAF5DDFC151}
             76.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{61B22D83-306D-425D-A0AB-95A11D884DF8}
             77.2s C:\Program Files (x86)\IGS\
             77.3s C:\Program Files (x86)\IGS\DCCert.dll
             77.4s C:\Program Files (x86)\IGS\libnspr4.dll
             77.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{166AAB16-FF46-4FA0-994E-2DC7E793FD08}
             78.0s C:\Program Files (x86)\IGS\libplc4.dll
             78.0s C:\Program Files (x86)\IGS\libplds4.dll
             78.0s C:\Program Files (x86)\IGS\nss3.dll
             78.7s C:\Program Files (x86)\IGS\nssutil3.dll
             78.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6C19A4CF-3DEA-4923-B364-3838490E6CAA}
             78.9s C:\Program Files (x86)\IGS\smime3.dll
             79.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2825C34F-7667-4531-86BB-3C956A597F39}
             79.8s C:\Program Files (x86)\IGS\DCL.exe
             80.2s C:\Users\Fred T\AppData\Local\Temp\DCLr.log
             83.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0ED9D986-5182-4E27-A61F-09A59A8B1E2E}
             86.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\manifest[1].xml
             96.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BF51600-B1BA-4386-A36F-55430FB53A6D}
             97.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\stats[1].gif
             98.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\740ED77010BBAD30.dat
             99.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\manifest[1].xml
             100.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\43\EF59A4B2616D7B8B.dat
             103.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B423B302-14A4-439D-82B0-AC4A2DD9A50A}
             104.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\apps[1].gif
             104.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[3].gif
             104.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[3].gif
             109.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[4].gif
             109.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[3].gif
             110.2s C:\Windows\Tasks\dedlXKDSO19cQpfmuc2duef1YuO.job
             110.8s C:\Windows\System32\Tasks\dedlXKDSO19cQpfmuc2duef1YuO
             110.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9C397BB8-54C2-4346-A48A-73345781CE0A}
             110.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5FF714D3-46C7-4376-9415-C113469AE85E}
             112.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EA87CADC-69D7-4DE3-828E-FBCD356D117E}
             112.5s C:\Users\Fred T\AppData\Roaming\dedlXKDSO19cQpfmuc2duef1YuO
             113.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[1].gif
             113.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[1].gif
             113.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\monetization[1].gif
             115.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DE0763A5-4274-4CD0-84BD-88D5C50594C7}
             116.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[4].gif
             117.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\82\4B6A7FB6953CFCA6.dat
             118.1s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\FPT6R3DS.json
             118.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\installer[2].gif
             118.3s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\installer-error[1].gif
             118.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\monetization[1].gif
             118.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[2].gif
             118.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\utility[2].gif
             118.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[4].gif
             119.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[2].gif
             122.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[5].gif
             124.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\utility[4].gif
             124.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\utility[5].gif
             127.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D65E069C-3A38-41EC-829F-C40D6531D113}
             129.1s C:\Users\Fred T\AppData\Local\Temp\MSI87761.LOG
             130.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\utility[4].gif
             130.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2D09BC30-5A7C-4A4F-818E-891655A1F27D}
             137.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\manifest[2].xml
             139.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\71\C7713C33E31833AB.dat
             140.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\stats[2].gif
             140.2s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\
             140.2s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e5b5f094e6e4d349fbddf72f01655ccecdb1a_09fca331\Report.wer
             140.2s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.620.dmp
             140.3s C:\Users\Fred T\AppData\Local\Temp\DCLR.ini.log
             141.6s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\manifest[2].xml
             141.6s C:\Windows\SysWOW64\DCL.dll
             142.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CB202BDE-9478-433C-80ED-03C08A73B62E}
             145.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\apps[2].gif
             145.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[3].gif
             145.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[6].gif
             152.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\manifest[1].xml
             154.5s C:\Windows\Temp\DCLr.log
             154.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\stats[1].gif
             156.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\manifest[1].xml
             157.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\
             157.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_e0542a629466d7b2329e4c2d090ea49bd42dfa2_0aa4e4d3\Report.wer
             157.0s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.7592.dmp
             162.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OP4N6OW\apps[1].gif
             162.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\utility[2].gif
             162.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\utility[5].gif
             166.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\utility[4].gif
             166.8s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\utility[7].gif
             166.9s C:\Windows\Tasks\h2QOYJzAu.job
             166.9s C:\Windows\System32\Tasks\h2QOYJzAu
             167.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2F115374-555E-4D35-BE65-5DBC2876451E}
             167.9s C:\Users\Fred T\AppData\Roaming\h2QOYJzAu
             169.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\installer[1].gif
             170.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNQ3T4YR\apps[2].gif
             170.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8RI8AJ\monetization[3].gif
    
       C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF10A1EN\VuuPC_VO2_8907[1].exe
          Size . . . . . . . : 256,758 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:19:38)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : BBDA6B99B6A1E4F45104225DCAA3DFB80A95F8D794C266E792698685D97ADE0B
          Source URL . . . . : hxxp://secured.westsecurecdn.us/VuuPC_VO2_8907.exe
          Fuzzy  . . . . . . : 16.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -58.2s C:\Users\Fred T\AppData\Local\CrashDumps\DCL.exe.6784.dmp
             -58.2s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_feae1a5472f0c2df740ab48028f9a9f741eaf4_1e11c062\
             -58.2s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DCL.exe_feae1a5472f0c2df740ab48028f9a9f741eaf4_1e11c062\Report.wer
             -57.5s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEB75EY6\setup_362[1].exe
             -57.0s C:\Users\Fred T\AppData\Local\Temp\jueC523.tmp
             -56.6s C:\Windows\Temp\DCL.log
             -56.3s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\DCL\
             -56.3s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\DCL\DCL.ini
             -56.3s C:\Windows\SysWOW64\DCLOff.ini
             -56.2s C:\Windows\System32\DCLOff.ini
             -55.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\FinalInstaller_dotnet4[1].exe
             -55.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\25\
             -55.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\25\461A879C00D56D8D.dat
             -55.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{92F4BF1B-A58B-4BA5-95C4-6C9F7EC1F579}
             -55.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\01\7B1DC41E0D684219.dat
             -54.6s C:\Users\Fred T\AppData\Local\Temp\jueC523.exe
             -51.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\90\1D461929122F1E1E.dat
             -51.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B29BAF4D-468F-4DA1-991E-F7CC8B9D5539}
             -50.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\01\7B1DC41E0D684219.dat
             -47.2s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFG9QIQE\fa1b0bd2e7d0db959cc89f072bcc2425[1].htm
             -46.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012015042020150421\
             -46.9s C:\Users\Fred T\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012015042020150421\container.dat
             -21.0s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSXMXA0T\policyname[1].exe
             -17.4s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\0[1].gif
             -16.7s C:\Users\Fred T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO014QCR\3333-5860_SpeedCheck[1].exe
             -11.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\65\768BD1BD23E19DFD.dat
             -11.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2E346698-15CD-4C01-9DE4-0DA109D4B1AD}
             -10.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E99EC35F-5BB8-4E13-A81F-3E5D91D4B8D0}
    
       C:\Users\Fred T\AppData\Local\Temp\jueC523.exe
          Size . . . . . . . : 2,998,272 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 18:18:43)
          Entropy  . . . . . : 7.4
          SHA-256  . . . . . : AB6339C36ADBF5F4420F8F7AA834D944FD1F1EDB7D23F51C4C145B9E887C5DD0
          Needs elevation  . : Yes
          Product  . . . . . : Installer
          Source URL . . . . : hxxp://storage.googleapis.com/shooky_2015-04-12_1348/FinalInstaller_dotnet4.exe
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 15.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             The file is downloaded from the Internet to this computer.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
    
       C:\Users\Fred T\AppData\Local\Temp\nshFD4D.tmp
          Size . . . . . . . : 61,980 bytes
          Age  . . . . . . . : 2.0 days (2015-04-20 17:06:28)
          Entropy  . . . . . : 6.9
          SHA-256  . . . . . : 583402324CCDDD7061DD03AD2CCA256019ACA9BE542804FC460B240D5F4D038C
          Product  . . . . . :  
          Publisher
          Description
          Version  . . . . . : 1.0.0.0
          Source URL . . . . : hxxp://download-servers.com/SysInfo/Validate.exe
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 15.0
             The file is downloaded from the Internet to this computer.
             The file name extension of this program is not common.
             Authors name is missing in version info. This is not common to most programs.
             Time indicates that the file appeared recently on this computer.
    
       C:\Windows\system32\aepdu.dll
          Size . . . . . . . : 227,328 bytes
          Age  . . . . . . . : 2.1 days (2015-04-20 16:01:30)
          Entropy  . . . . . : 6.1
          SHA-256  . . . . . : E2A00EC8760F0F3B7B7C674CED3734EE34D8EBD8A32B8887CD8E8B5516214BCC
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Program Compatibility Data Updater
          Version  . . . . . : 6.1.7601.18803
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 6.0
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
             C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
             -0.2s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\update.mum
             -0.2s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\windows6.1-kb2952664-v9-x64-express.cab
             -0.2s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\windows6.1-kb2952664-v9-x64.psf.cix.xml
              0.0s C:\Windows\System32\aepdu.dll
              0.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\aeinv.dll
              0.1s C:\Windows\System32\appraiser\nxquery.sys
              0.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\QueryAppBlock.exe
              0.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wicainventory.exe
              0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwcompat32.txt
              0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwcompat64.txt
              0.3s C:\Windows\System32\appraiser\hwcompat.txt
              0.3s C:\Windows\System32\appraiser\hwexclude.txt
              0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwexclude64.txt
              0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwexclude32.txt
              0.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wica.dll
              0.6s C:\Windows\System32\CompatTel\dismapi.dll
              0.6s C:\Windows\System32\CompatTel\dismcore.dll
              0.6s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wdscore.dll
              0.8s C:\Windows\System32\CompatTel\logprovider.dll
              0.9s C:\Windows\System32\CompatTel\dismcoreps.dll
              1.1s C:\Windows\System32\CompatTel\dismprov.dll
              1.3s C:\Windows\System32\CompatTel\compatprovider.dll
              1.3s C:\Windows\System32\CompatTel\folderprovider.dll
              1.3s C:\Windows\System32\CompatTel\imagingprovider.dll
              1.3s C:\Windows\System32\CompatTel\wimprovider.dll
              1.3s C:\Windows\System32\CompatTel\ffuprovider.dll
              1.3s C:\Windows\System32\CompatTel\vhdprovider.dll
              1.4s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-kernel32-l1-1-0.dll
              1.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\setupcompat.dll
              2.0s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-ole32-l1-1-1.dll
              2.2s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-advapi32-l1-1-1.dll
              2.2s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-kernel32-l2-1-0.dll
              2.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\SBCompatPlugin.dll
              2.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\MediaCenterCompat.dll
              2.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatplugin.dll
              2.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatctrl.dll
              2.4s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-user32-l1-1-1.dll
              2.5s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-advapi32-l4-1-0.dll
              2.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\DVDPlaybackCompat.dll
              2.5s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-version-l1-1-0.dll
              2.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\TouchCompat.dll
              2.6s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\GadgetCompliance.dll
              2.6s C:\Windows\System32\aeinv.dll
              2.6s C:\Windows\System32\aepic.dll
              2.7s C:\Windows\System32\invagent.dll
              2.8s C:\Windows\System32\appraiser.dll
              2.8s C:\Windows\System32\devinv.dll
              2.9s C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\aeinv.mof
              2.9s C:\Windows\System32\acmigration.dll
              2.9s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\sdbapiu.dll
              2.9s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\cosquery.dll
              3.0s C:\Windows\System32\appraiser\nxquery.inf
              3.0s C:\Windows\System32\generaltel.dll
              3.0s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\DevInv.dll
              3.0s C:\Windows\System32\CompatTel\diagtrack.dll
              3.0s C:\Windows\System32\CompatTel\diagtrackrunner.exe
              3.1s C:\Windows\System32\aitstatic.exe
              3.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatResources.dll
              3.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wica.ini
              3.2s C:\Windows\System32\appraiser\appraiser.sdb
              3.2s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain32.sdb
              3.3s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain32runtime.sdb
              3.3s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\drvmain64.sdb
              3.4s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain64.sdb
              3.4s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain64runtime.sdb
              3.4s C:\Windows\AppPatch\frxmain.sdb
              3.4s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\drvmain32.sdb
              3.5s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\
              3.5s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\
              3.5s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\
              3.5s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.1.7601.18803_none_cf98162f99a0f024\
              3.5s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\
              3.6s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\cbshandler\
    
       C:\Windows\system32\appraiser.dll
          Size . . . . . . . : 957,952 bytes
          Age  . . . . . . . : 2.1 days (2015-04-20 16:01:33)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 2C7F14C5FD0F13F9070B02340F4D7D7ECDD20D63AC01CBC8A158247492EFA2C9
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Compatibility Appraiser
          Version  . . . . . : 10.0.10037.0
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 6.0
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
          Forensic Cluster
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_52c042bea77b219a3cbbca15a67304dd_31bf3856ad364e35_6.1.7601.18803_none_c16b2a6e079e55bc.manifest
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_6af953e97c9af283b86c7b82161c90d4_31bf3856ad364e35_6.1.7601.18803_none_c57917173ab7f793.manifest
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_ddf1da69f245e00a4e8bb50e3feb584a_31bf3856ad364e35_6.1.7601.18803_none_f1c5c2b04c28588b.manifest
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_e5f8a8dbd307a578025349637b5b582a_31bf3856ad364e35_6.1.7601.18803_none_bb3da4982e409758.manifest
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_f94a53c53847f6e20449a42057beb379_31bf3856ad364e35_6.1.7601.18803_none_f5ad56fbac1bb24d.manifest
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_1_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\cbshandler\state
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_1_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_2_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_2_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_3_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_3_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_for_kb2952664_sp1~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_for_kb2952664_sp1~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\update.cat
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\update.mum
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\windows6.1-kb2952664-v9-x64-express.cab
             -3.0s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\windows6.1-kb2952664-v9-x64.psf.cix.xml
             -2.8s C:\Windows\System32\aepdu.dll
             -2.7s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\aeinv.dll
             -2.7s C:\Windows\System32\appraiser\nxquery.sys
             -2.7s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\QueryAppBlock.exe
             -2.7s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wicainventory.exe
             -2.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwcompat32.txt
             -2.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwcompat64.txt
             -2.5s C:\Windows\System32\appraiser\hwcompat.txt
             -2.5s C:\Windows\System32\appraiser\hwexclude.txt
             -2.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwexclude64.txt
             -2.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwexclude32.txt
             -2.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wica.dll
             -2.2s C:\Windows\System32\CompatTel\dismapi.dll
             -2.2s C:\Windows\System32\CompatTel\dismcore.dll
             -2.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wdscore.dll
             -2.0s C:\Windows\System32\CompatTel\logprovider.dll
             -1.9s C:\Windows\System32\CompatTel\dismcoreps.dll
             -1.7s C:\Windows\System32\CompatTel\dismprov.dll
             -1.5s C:\Windows\System32\CompatTel\compatprovider.dll
             -1.5s C:\Windows\System32\CompatTel\folderprovider.dll
             -1.5s C:\Windows\System32\CompatTel\imagingprovider.dll
             -1.5s C:\Windows\System32\CompatTel\wimprovider.dll
             -1.5s C:\Windows\System32\CompatTel\ffuprovider.dll
             -1.5s C:\Windows\System32\CompatTel\vhdprovider.dll
             -1.4s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-kernel32-l1-1-0.dll
             -1.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\setupcompat.dll
             -0.8s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-ole32-l1-1-1.dll
             -0.6s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-advapi32-l1-1-1.dll
             -0.6s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-kernel32-l2-1-0.dll
             -0.6s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\SBCompatPlugin.dll
             -0.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\MediaCenterCompat.dll
             -0.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatplugin.dll
             -0.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatctrl.dll
             -0.4s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-user32-l1-1-1.dll
             -0.3s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-advapi32-l4-1-0.dll
             -0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\DVDPlaybackCompat.dll
             -0.2s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-version-l1-1-0.dll
             -0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\TouchCompat.dll
             -0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\GadgetCompliance.dll
             -0.2s C:\Windows\System32\aeinv.dll
             -0.2s C:\Windows\System32\aepic.dll
             -0.1s C:\Windows\System32\invagent.dll
              0.0s C:\Windows\System32\appraiser.dll
              0.0s C:\Windows\System32\devinv.dll
              0.1s C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\aeinv.mof
              0.1s C:\Windows\System32\acmigration.dll
              0.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\sdbapiu.dll
              0.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\cosquery.dll
              0.2s C:\Windows\System32\appraiser\nxquery.inf
              0.2s C:\Windows\System32\generaltel.dll
              0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\DevInv.dll
              0.2s C:\Windows\System32\CompatTel\diagtrack.dll
              0.2s C:\Windows\System32\CompatTel\diagtrackrunner.exe
              0.3s C:\Windows\System32\aitstatic.exe
              0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatResources.dll
              0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wica.ini
              0.4s C:\Windows\System32\appraiser\appraiser.sdb
              0.4s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain32.sdb
              0.5s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain32runtime.sdb
              0.5s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\drvmain64.sdb
              0.6s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain64.sdb
              0.6s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain64runtime.sdb
              0.6s C:\Windows\AppPatch\frxmain.sdb
              0.6s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\drvmain32.sdb
              0.7s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\
              0.7s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\
              0.7s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\
              0.7s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.1.7601.18803_none_cf98162f99a0f024\
              0.7s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\
              0.8s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\cbshandler\
    
       C:\Windows\System32\credssp.dll
          Size . . . . . . . : 22,016 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:22:17)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : 4EDE66DB6EDC2790F666DD813D14BBCA195D04D52989F6E0A238307A625A58E8
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Credential Delegation Security Package
          Version  . . . . . : 6.1.7601.18798
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 14.0
             Loads as a custom security support provider (SSP). Malware tends to start this way.
             Program starts automatically without user intervention.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
    
       C:\Windows\system32\drivers\HTTP.sys
          Size . . . . . . . : 754,688 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:21:38)
          Entropy  . . . . . : 6.2
          SHA-256  . . . . . : BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : HTTP Protocol Stack
          Version  . . . . . : 6.1.7601.18772
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Service  . . . . . : HTTP
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 6.0
             Starts automatically as a service during system bootup.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is a device driver. Device drivers run as trusted (highly privileged) code.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\HTTP\
    
       C:\Windows\system32\IEEtwCollector.exe
          Size . . . . . . . : 114,688 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:21:35)
          Entropy  . . . . . : 6.0
          SHA-256  . . . . . : 38763A81F9C7BA2AFAFD96285A14FEBEEAC41762C2799544C0B05A975C1D64F1
          Product  . . . . . : Internet Explorer
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : IE ETW Collector Service
          Version  . . . . . : 11.00.9600.17728
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Service  . . . . . : IEEtwCollectorService
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 6.0
             Starts automatically as a service during system bootup.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService\
    
       C:\Windows\System32\ieframe.dll
          Size . . . . . . . : 14,397,440 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:21:21)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : E0B560BBE9EBA4828CC4F91A98C35723AEF7B31FFF180B58D92BF7F1BBE99A6F
          Product  . . . . . : Internet Explorer
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Internet Browser
          Version  . . . . . : 11.00.9600.17728
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 10.0
             This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
             Program starts automatically without user intervention.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
             HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
             HKU\S-1-5-21-1956736502-3406738524-1949330324-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
          References
             HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
    
       C:\Windows\system32\invagent.dll
          Size . . . . . . . : 769,536 bytes
          Age  . . . . . . . : 2.1 days (2015-04-20 16:01:33)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 1B9BBC4CA9F709433F648E157D5EE70C7576867BADE4286539555B85BDBC50A3
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Inventory Agent
          Version  . . . . . : 10.0.10037.0
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 6.0
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
          Forensic Cluster
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_52c042bea77b219a3cbbca15a67304dd_31bf3856ad364e35_6.1.7601.18803_none_c16b2a6e079e55bc.manifest
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_6af953e97c9af283b86c7b82161c90d4_31bf3856ad364e35_6.1.7601.18803_none_c57917173ab7f793.manifest
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_ddf1da69f245e00a4e8bb50e3feb584a_31bf3856ad364e35_6.1.7601.18803_none_f1c5c2b04c28588b.manifest
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_e5f8a8dbd307a578025349637b5b582a_31bf3856ad364e35_6.1.7601.18803_none_bb3da4982e409758.manifest
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_f94a53c53847f6e20449a42057beb379_31bf3856ad364e35_6.1.7601.18803_none_f5ad56fbac1bb24d.manifest
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_1_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\cbshandler\state
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_1_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_2_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_2_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_3_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_3_for_kb2952664~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_for_kb2952664_sp1~31bf3856ad364e35~amd64~~6.1.9.8.cat
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\package_for_kb2952664_sp1~31bf3856ad364e35~amd64~~6.1.9.8.mum
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\update.cat
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\update.mum
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\windows6.1-kb2952664-v9-x64-express.cab
             -2.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\windows6.1-kb2952664-v9-x64.psf.cix.xml
             -2.7s C:\Windows\System32\aepdu.dll
             -2.6s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\aeinv.dll
             -2.6s C:\Windows\System32\appraiser\nxquery.sys
             -2.6s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\QueryAppBlock.exe
             -2.6s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wicainventory.exe
             -2.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwcompat32.txt
             -2.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwcompat64.txt
             -2.4s C:\Windows\System32\appraiser\hwcompat.txt
             -2.4s C:\Windows\System32\appraiser\hwexclude.txt
             -2.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwexclude64.txt
             -2.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\hwexclude32.txt
             -2.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wica.dll
             -2.1s C:\Windows\System32\CompatTel\dismapi.dll
             -2.1s C:\Windows\System32\CompatTel\dismcore.dll
             -2.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wdscore.dll
             -1.9s C:\Windows\System32\CompatTel\logprovider.dll
             -1.8s C:\Windows\System32\CompatTel\dismcoreps.dll
             -1.6s C:\Windows\System32\CompatTel\dismprov.dll
             -1.4s C:\Windows\System32\CompatTel\compatprovider.dll
             -1.4s C:\Windows\System32\CompatTel\folderprovider.dll
             -1.4s C:\Windows\System32\CompatTel\imagingprovider.dll
             -1.4s C:\Windows\System32\CompatTel\wimprovider.dll
             -1.4s C:\Windows\System32\CompatTel\ffuprovider.dll
             -1.4s C:\Windows\System32\CompatTel\vhdprovider.dll
             -1.3s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-kernel32-l1-1-0.dll
             -1.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\setupcompat.dll
             -0.7s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-ole32-l1-1-1.dll
             -0.5s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-advapi32-l1-1-1.dll
             -0.5s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-kernel32-l2-1-0.dll
             -0.5s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\SBCompatPlugin.dll
             -0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\MediaCenterCompat.dll
             -0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatplugin.dll
             -0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatctrl.dll
             -0.3s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-user32-l1-1-1.dll
             -0.2s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-advapi32-l4-1-0.dll
             -0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\DVDPlaybackCompat.dll
             -0.2s C:\Windows\System32\CompatTel\Api-ms-win-downlevel-version-l1-1-0.dll
             -0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\TouchCompat.dll
             -0.1s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\GadgetCompliance.dll
             -0.1s C:\Windows\System32\aeinv.dll
             -0.1s C:\Windows\System32\aepic.dll
              0.0s C:\Windows\System32\invagent.dll
              0.1s C:\Windows\System32\appraiser.dll
              0.1s C:\Windows\System32\devinv.dll
              0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\aeinv.mof
              0.2s C:\Windows\System32\acmigration.dll
              0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\sdbapiu.dll
              0.2s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\cosquery.dll
              0.2s C:\Windows\System32\appraiser\nxquery.inf
              0.2s C:\Windows\System32\generaltel.dll
              0.3s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\DevInv.dll
              0.3s C:\Windows\System32\CompatTel\diagtrack.dll
              0.3s C:\Windows\System32\CompatTel\diagtrackrunner.exe
              0.4s C:\Windows\System32\aitstatic.exe
              0.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\compatResources.dll
              0.4s C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\wica.ini
              0.5s C:\Windows\System32\appraiser\appraiser.sdb
              0.5s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain32.sdb
              0.6s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain32runtime.sdb
              0.6s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\drvmain64.sdb
              0.7s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain64.sdb
              0.7s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\sysmain64runtime.sdb
              0.7s C:\Windows\AppPatch\frxmain.sdb
              0.7s C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\drvmain32.sdb
              0.8s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\
              0.8s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc\
              0.8s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab\
              0.8s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.1.7601.18803_none_cf98162f99a0f024\
              0.8s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\
              0.9s C:\Windows\SoftwareDistribution\Download\f6b3685c3720d8fa05091e2a676469fa\cbshandler\
    
       C:\Windows\System32\lsass.exe
          Size . . . . . . . : 31,232 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:22:18)
          Entropy  . . . . . : 5.2
          SHA-256  . . . . . : 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Local Security Authority Process
          Version  . . . . . : 6.1.7601.18798
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Service  . . . . . : VaultSvc
          Parent Name  . . . : C:\Windows\system32\wininit.exe
          LanguageID . . . . : 1033
          Running processes  : 716
          Fuzzy  . . . . . . : 12.0
             This program is actively listening for inbound network connections.
             Starts automatically as a service during system bootup.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\EFS\
             HKLM\SYSTEM\CurrentControlSet\Services\KeyIso\
             HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\
             HKLM\SYSTEM\CurrentControlSet\Services\ProtectedStorage\
             HKLM\SYSTEM\CurrentControlSet\Services\SamSs\
             HKLM\SYSTEM\CurrentControlSet\Services\VaultSvc\
          Network Ports
             0.0.0.0:49157	
    
       C:\Windows\System32\winsrv.dll
          Size . . . . . . . : 215,040 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:22:19)
          Entropy  . . . . . : 6.0
          SHA-256  . . . . . : C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Multi-User Windows Server DLL
          Version  . . . . . : 6.1.7601.18798
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 11.0
             Program is running but currently exposes no human-computer interface (GUI).
             Program starts automatically without user intervention.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows
    
       C:\Windows\system32\wuaueng.dll
          Size . . . . . . . : 2,553,856 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:22:37)
          Entropy  . . . . . : 6.0
          SHA-256  . . . . . : 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Windows Update Agent
          Version  . . . . . : 7.6.7601.18804
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Service  . . . . . : wuauserv
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 10.0
             Starts automatically as a service during system bootup.
             Program starts automatically without user intervention.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\
    
       C:\Windows\SysWOW64\ieframe.dll
          Size . . . . . . . : 12,825,600 bytes
          Age  . . . . . . . : 7.9 days (2015-04-14 19:21:29)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 6722D06EB26321C00A1BF43E1A6AE551DF742D29558F6866C8750513661CE3AB
          Product  . . . . . : Internet Explorer
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Internet Browser
          Version  . . . . . : 11.00.9600.17728
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 10.0
             This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
             Program starts automatically without user intervention.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Time indicates that the file appeared recently on this computer.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
             HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
             HKU\S-1-5-21-1956736502-3406738524-1949330324-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
          References
             HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
    
    
    
    
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Viewpoint Media Player <<< Uninstall this.


    [​IMG] Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nijyxibi (C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\jnsl3E.tmp) -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wojomesi (C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\nsqC0A9.tmpfs) -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nijyxibi (C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\jnsl3E.tmp) -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wojomesi (C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\nsqC0A9.tmpfs) -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nijyxibi (C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\jnsl3E.tmp) -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wojomesi (C:\Users\Fred T\AppData\Roaming\4C4C4544-1429565721-3810-8030-C6C04F543132\nsqC0A9.tmpfs) -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    Same for these items on the Scheduled Tasks tab

    • [Suspicious.Path] 7YPFtWs7AQwWIHiTr3r.job -- C:\Users\Fred T\AppData\Roaming\7YPFtWs7AQwWIHiTr3r.exe (--c=cNa0KPHDw9KycKU57y2aG4SeZ5ntRUunt8fSGdz2hUMrBAspfjH35x03Gx1ZZH4VW+fVhIpprCV7+kXrmQzDjcxgaG0E8lSOdXAoXlvSpTRKuY47HoAEYbbU6u5XIUCxPbL3QC9VfmtKIO8JY8aIJWt799dLjl64IvlcUV1ZiMd4qgqGCoq8JLqwQrccimlLTU/Wa8CCBHjlFAKUj/YoTpZ7ugXpG7Q6jv0r31QsFREYAr/1vhbpK7VTGa3nXrgqLd4b8ZsXwFHlGoB0AGd/SDVBo3I6gi0icJ/Xj+CQ0V7bt4WxQmux0h3HCbxBtD55wgasEKvR1WnqU+o6l4Khfw==) -> Found
    • [Suspicious.Path] dedlXKDSO19cQpfmuc2duef1YuO.job -- C:\Users\Fred T\AppData\Roaming\dedlXKDSO19cQpfmuc2duef1YuO.exe (--c=ZTtH0WHagR7pAuTSrLLt0XEDLtiLeWexUBbJaVko1ZNWxljDN17GqTBPiE1Cy7G5IIrnL+8L1hR82BayeG3pacXDrojGauS/Mw49ONEKzPkqIKbdeC8oTLX/Ms8uk+3tvkAbFQDSItREUX+vBJN7n0dkNW40udshWTQNpm2zsX8CRnDZZ3JEl6B/ur/qdEN80lIhxNSbsrQ6VE61imjq3ucg1EpcdB5wmjAfsKKT6Wkoz7fLSzFdsTlLyLhmgvXvNVWtaHNjMhH12BsJ2hSj9sCTQ0ez+qb4fO559RUu6z1ERgPoFc7bOtpHL4y52AxRYyv3Bi0Np5zsAu3F/PXVFA==) -> Found
    • [Suspicious.Path] h2QOYJzAu.job -- C:\Users\Fred T\AppData\Roaming\h2QOYJzAu.exe (--c=DYbUg29zOln7R+X36ax/kUkROco7oDMSoXvBHZHR2z/ReoIiGiDrFyzVhoMDnXTqqYDKSJ9ejjJ9MO49cFfG29t0cWWMzSwJn8pGhXMCqfFxGqOeMJwC1ESzxhl6OJe1505W+5hBJ7fRv1WehWJAr3UBFdeDMOxwlVpplP9DtEx/AQxwecaaM66DMC5KQ/ol42S8sWk4oGypbg0/jmYM+eOC5BNrs7e2/LMJ3NugIRWZqoT2S4GvL2laFcFOlef3Ioo3Hhl0FwtjO5ZA5HzGZMjFFzJKji4ssOznLouE0y4tPYC/b8aEkm6XXJaMMTVPlWzVaQgAPLBPIScByAnS9Q==) -> Found
    • [Suspicious.Path] \\7YPFtWs7AQwWIHiTr3r -- C:\Users\Fred T\AppData\Roaming\7YPFtWs7AQwWIHiTr3r.exe (--c=cNa0KPHDw9KycKU57y2aG4SeZ5ntRUunt8fSGdz2hUMrBAspfjH35x03Gx1ZZH4VW+fVhIpprCV7+kXrmQzDjcxgaG0E8lSOdXAoXlvSpTRKuY47HoAEYbbU6u5XIUCxPbL3QC9VfmtKIO8JY8aIJWt799dLjl64IvlcUV1ZiMd4qgqGCoq8JLqwQrccimlLTU/Wa8CCBHjlFAKUj/YoTpZ7ugXpG7Q6jv0r31QsFREYAr/1vhbpK7VTGa3nXrgqLd4b8ZsXwFHlGoB0AGd/SDVBo3I6gi0icJ/Xj+CQ0V7bt4WxQmux0h3HCbxBtD55wgasEKvR1WnqU+o6l4Khfw==) -> Found
    • [Suspicious.Path] \\AHQFQOPD -- "C:\ProgramData\4c56173f45364d3f9e8c55c1ac72f08f\4c56173f45364d3f9e8c55c1ac72f08f.exe" -> Found
    • [Suspicious.Path] \\dedlXKDSO19cQpfmuc2duef1YuO -- C:\Users\Fred T\AppData\Roaming\dedlXKDSO19cQpfmuc2duef1YuO.exe (--c=ZTtH0WHagR7pAuTSrLLt0XEDLtiLeWexUBbJaVko1ZNWxljDN17GqTBPiE1Cy7G5IIrnL+8L1hR82BayeG3pacXDrojGauS/Mw49ONEKzPkqIKbdeC8oTLX/Ms8uk+3tvkAbFQDSItREUX+vBJN7n0dkNW40udshWTQNpm2zsX8CRnDZZ3JEl6B/ur/qdEN80lIhxNSbsrQ6VE61imjq3ucg1EpcdB5wmjAfsKKT6Wkoz7fLSzFdsTlLyLhmgvXvNVWtaHNjMhH12BsJ2hSj9sCTQ0ez+qb4fO559RUu6z1ERgPoFc7bOtpHL4y52AxRYyv3Bi0Np5zsAu3F/PXVFA==) -> Found
    • [Suspicious.Path] \\h2QOYJzAu -- C:\Users\Fred T\AppData\Roaming\h2QOYJzAu.exe (--c=DYbUg29zOln7R+X36ax/kUkROco7oDMSoXvBHZHR2z/ReoIiGiDrFyzVhoMDnXTqqYDKSJ9ejjJ9MO49cFfG29t0cWWMzSwJn8pGhXMCqfFxGqOeMJwC1ESzxhl6OJe1505W+5hBJ7fRv1WehWJAr3UBFdeDMOxwlVpplP9DtEx/AQxwecaaM66DMC5KQ/ol42S8sWk4oGypbg0/jmYM+eOC5BNrs7e2/LMJ3NugIRWZqoT2S4GvL2laFcFOlef3Ioo3Hhl0FwtjO5ZA5HzGZMjFFzJKji4ssOznLouE0y4tPYC/b8aEkm6XXJaMMTVPlWzVaQgAPLBPIScByAnS9Q==) -> Found
    • [Suspicious.Path] \\WRGSRGEXO -- "C:\ProgramData\6cfc113f2ace4beb9e169e92d8095b1a\6cfc113f2ace4beb9e169e92d8095b1a.exe" -> Found

    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    :Files
    C:\ProgramData\16dec4b29177435ca7721245d7c1d6bb
    C:\ProgramData\2634174364585036980
    C:\ProgramData\4c56173f45364d3f9e8c55c1ac72f08f
    C:\ProgramData\6cfc113f2ace4beb9e169e92d8095b1a
    C:\ProgramData\d0671cf500007fc9
    C:\ProgramData\d924a0e3000051c9
    C:\ProgramData\f1f79be1b22d4745a00de8e75c24f32b
    C:\ProgramData\ParinceCCouupon
    C:\ProgramData\PCDr
    C:\ProgramData\RoyalShoPperApip
    C:\ProgramData\{7281bd0e-a3a8-149b-7281-1bd0ea3af43a}
    C:\Program Files (x86)\1607652d-b6dc-4ead-aaa5-985e7f0a235d
    C:\Program Files (x86)\94368114-757b-41a7-80d5-c55e9bd70e44
    C:\Program Files (x86)\globalUpdate
    C:\Program Files (x86)\Laess2payo
    C:\Program Files (x86)\Optimizer Pro 3.11
    C:\Program Files (x86)\predm
    C:\Program Files (x86)\ProoShoopperu
    C:\Program Files (x86)\SuOftCoup
    C:\Program Files (x86)\Super Optimizer
    C:\Windows\tasks\7YPFtWs7AQwWIHiTr3r.job
    C:\Windows\tasks\dedlXKDSO19cQpfmuc2duef1YuO.job
    C:\Windows\tasks\h2QOYJzAu.job
    C:\Windows\system32\tasks\7YPFtWs7AQwWIHiTr3r
    C:\Windows\system32\tasks\AHQFQOPD
    C:\Windows\system32\tasks\dedlXKDSO19cQpfmuc2duef1YuO
    C:\Windows\system32\tasks\h2QOYJzAu
    C:\Windows\system32\tasks\HDNINSTSCHD
    C:\Windows\system32\tasks\IE_ERR4WDR
    C:\Windows\system32\tasks\LaunchPreSignup
    C:\Windows\system32\tasks\WRGSRGEXO
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




    Re run Malware Bytes and see if it finds anything else.


    Download Cleano 0.61

    Download it to your desktop, Right click the cleano.exe file and run as admin > and place check marks in the boxes as follows (click on link below to see image)

    View attachment 148092
    Click clean now and exit the program.



    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.




    Now re run Hitman and attach a fresh log.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
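
    The RogueKiller detections listed in the post above share one trait: each service or scheduled task points at an executable under AppData\Roaming or ProgramData. The following Python triage script is an added example, not part of the original post and not RogueKiller's own logic; it parses lines in that layout, collapses the ControlSet and .job duplicates, and records why each entry stands out. The sample lines, names, reason strings and thresholds are constructed assumptions.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

BLOB = "QUFB" * 16  # constructed stand-in for a long encoded --c= argument

# Constructed sample lines in the layout of the detections quoted in the post.
# Every name and path here is a placeholder, not a value from the thread.
SAMPLE_REPORT = "\n".join([
    r"[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\examplesvc (C:\Users\Example User\AppData\Roaming\0000-EXAMPLE\abc1F.tmp) -> Found",
    r"[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\examplesvc (C:\Users\Example User\AppData\Roaming\0000-EXAMPLE\abc1F.tmp) -> Found",
    r"[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\examplesvc (C:\Users\Example User\AppData\Roaming\0000-EXAMPLE\abc1F.tmp) -> Found",
    rf"[Suspicious.Path] ExampleTask.job -- C:\Users\Example User\AppData\Roaming\ExampleTask.exe (--c={BLOB}) -> Found",
    rf"[Suspicious.Path] \\ExampleTask -- C:\Users\Example User\AppData\Roaming\ExampleTask.exe (--c={BLOB}) -> Found",
    r'[Suspicious.Path] \\EXAMPLEJOB -- "C:\ProgramData\example0123\example0123.exe" -> Found',
    r'[Example.Tag] \\VendorUpdater -- "C:\Program Files\Vendor\updater.exe" -> Found',
])

# "[tag] (arch) <registry key under ...\Services\name> (image path) -> status"
SERVICE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<arch>X\d+)\)\s+"
    r"(?P<key>HKEY_[^ ]+\\Services\\(?P<name>[^\\ ]+))\s+"
    r"\((?P<image>.+)\)\s+->\s+(?P<status>\w+)$")
# "[tag] <task name> -- <command line> -> status"
TASK_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<name>\S+)\s+--\s+(?P<cmd>.+?)\s+->\s+(?P<status>\w+)$")
# Command line: optionally quoted image path (may contain spaces), then "(args)".
CMD_RE = re.compile(
    r'^"?(?P<image>[A-Za-z]:\\.+?\.(?:exe|dll|tmp|bat|cmd|scr))"?'
    r"(?:\s+\((?P<args>.*)\))?$", re.I)
# One switch whose value is a long base64-alphabet run (threshold is an assumption).
OPAQUE_ARG_RE = re.compile(r"^--?\w+=[A-Za-z0-9+/]{40,}={0,2}$")

# Directories a standard user can normally write to (assumed shortlist).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def reasons(kind, name, image, args):
    """Return the list of reasons an autostart entry deserves a closer look."""
    stem, ext = splitext(basename(image))
    out = []
    if any(part in image.lower() for part in USER_WRITABLE):
        out.append("image in user-writable directory")
    if kind == "service" and ext.lower() not in (".exe", ".sys", ".dll"):
        out.append("service image has unusual extension " + ext.lower())
    if kind == "task" and stem.lower() == name.lower():
        out.append("task name mirrors executable name")
    if args and OPAQUE_ARG_RE.match(args):
        out.append("opaque encoded argument")
    return out


def triage(report):
    """Parse report lines; return {(kind, name): {image, reasons, entries}}."""
    findings = {}
    for raw in report.splitlines():
        line = raw.strip().lstrip("\u2022").strip()  # tolerate forum bullets
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            kind, name, image, args = "service", m["name"], m["image"], None
        else:
            m = TASK_RE.match(line)
            c = CMD_RE.match(m["cmd"]) if m else None
            if not c:
                continue  # not a layout this sketch understands
            kind = "task"
            # "\\Name" (System32\Tasks) and "Name.job" (Windows\Tasks) are one task.
            name = m["name"].lstrip("\\")
            if name.lower().endswith(".job"):
                name = name[:-4]
            image, args = c["image"], c["args"]
        why = reasons(kind, name, image, args)
        if not why:
            continue
        # CurrentControlSet/ControlSet00N copies collapse onto one service name.
        entry = findings.setdefault(
            (kind, name.lower()), {"image": image, "reasons": why, "entries": 0})
        entry["entries"] += 1
    return findings


if __name__ == "__main__":
    for (kind, name), info in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{kind:8}{name:14}x{info['entries']}  {info['image']}")
        for why in info["reasons"]:
            print(f"{'':10}- {why}")
```

    Grouping matters when reading such a report: the three ControlSet lines describe one service, and the .job and \\ entries describe one task, so the work is one item per distinct name, not one per line.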
     
  5. hunters

    hunters Private E-2

    Hello Kestrel13!, thanks so much for your help.

    All logs are attached. MWB came back with no issues.
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run RogueKiller once more (just a scan) please and attach log. Thanks.
     
  7. hunters

    hunters Private E-2

    Thanks again, attached you'll find the RogueKiller log
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. It's not very often I see Hitman finding so many supposedly legit files to be infected.... so just want to double check... (apart from this issue, everything looks clean as a whistle... with Hitman it could just be a false positive)

    Please download Combofix to your desktop. Please refer to these instructions prior to running. Attach log once done.
     
  9. hunters

    hunters Private E-2

    Hmmm, that makes me curious why Hitman found them as well. Attached is the Combofix log. Please let me know what to do next...
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am satisfied that what Hitman is finding is just false positives. Ready for final steps at this point I think.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Press and hold the Windows key [​IMG] and then press the letter R on your keyboard. This opens the Run dialog box.
      • Copy and paste the below into the Run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    After doing the above, you should work thru the below link:
     
  11. hunters

    hunters Private E-2

    Thanks again. Went through the process you mentioned below and just thought I'd run a Malwarebytes scan again for good measure and it returned with 5 infected files. I've attached the log. But now I'm totally confused. The last scan I ran showed 0 files infected. Btw, I've been disconnected from the internet the whole time you have been cleaning. I reconnected and this happened.....hmmmm. Thoughts? Thanks again.
     

    Attached Files:

  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not sure, run a fresh scan with it and attach the log if it finds anything.
     
  13. hunters

    hunters Private E-2

    Will do now, but did that last log in my last post tell you anything about what it found and I removed?
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It showed you didn't quarantine them yet, and it shows that one is a trojan and one was a potentially unwanted program, that's all. :/
     
  15. hunters

    hunters Private E-2

    I grabbed that log before I quarantined the 5 objects. Newest scan just ran clean and I'm attaching the log. I'm concerned because I've had a clean scan before then out of nowhere, I was infected again. Is there any other scan we can run to really know for sure?
     

    Attached Files:

  16. hunters

    hunters Private E-2

    I ran another HitmanPro scan and attached the logs just for safe measure...thoughts on those results?
     

    Attached Files:

  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK re run Hitman and have it fix all it finds. Then you should empty out your temp files. Then rescan with Hitman (just a scan) attach log for me to see.
     
  18. hunters

    hunters Private E-2

    Looks like I need a product key to activate it to remove malicious software????
     
  19. hunters

    hunters Private E-2

    I tried to do the one-time activation, but it won't let me due to a firewall, but I've disabled the firewall and troubleshooted the error 20 to no avail. Any thoughts?
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.




    If you have not already got CCleaner installed you should download it from us and let it run. Do not run the reg scan, just the cleaner itself.

    Once all done rescan with Hitman again and attach log so I can see what remains.
     
  21. hunters

    hunters Private E-2

    Thanks, so I added it to the reg and got the message back that, "The keys and values contained in ...fixME.reg have been successfully added to the registry." So I'm assuming it did work, however when running the Hitmanpro scan after that, it found the exact same reg entries. I've attached the log for you. Thanks!
     

    Attached Files:

  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do you think you would be comfortable enough going into the Windows Registry and deleting a few keys? :confused Let me know.
     
  23. hunters

    hunters Private E-2

    Yes, with your guidance. Thanks
     
  24. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Click start and type in regedit - right click and run as admin on regedit.exe - then navigate to these and find them to delete.


    • HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    • HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    • HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    • HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    • HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32
    • HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS
    • HKLM\SOFTWARE\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    • HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    • HKLM\SOFTWARE\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    • HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    • HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    • HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    • HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    • HKU\S-1-5-21-1956736502-3406738524-1949330324-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    • HKU\S-1-5-21-1956736502-3406738524-1949330324-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

    Once done reboot the machine and re run Hitman and attach log for me.
     
  25. hunters

    hunters Private E-2

    Am I deleting the folders in the left pane? Or the data on the right pane?
     
  26. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are deleting what I have highlighted in bold text - they will appear in the left-hand pane of the Regedit window. :) Please ask if you have any more questions, it's not an area we want to go wrong in.
     
  27. hunters

    hunters Private E-2

    Ok, finally got around to manually deleting those keys. Interestingly, there were 3 keys that weren't there:

    HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}


    I've attached my HMP log
     

    Attached Files:

  28. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Excellent! How are things running currently? :)
     
  29. hunters

    hunters Private E-2

    Seems to be fine right now thanks! Any reason you can think of why those keys weren't there now?
     
  30. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am not too sure, but the main thing is, they are all gone now. :)
    You can follow final steps again at this point, unless you already have.
     
