HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\MountPoints2: {4469056f-dffc-11e6-8953-90fba6f00023} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\KitSetup.exe
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4469056f-dffc-11e6-8953-90fba6f00023} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\KitSetup.exe
Winsock: Catalog5 01 c:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 c:\windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
C:\Users\Andrew\AppData\Local\{5d24b8b3-e2fb-9875-421e-d59ea10e1b24}
C:\Users\Andrew\AppData\Local\{5d24b8b3-e2fb-9875-421e-d59ea10e1b24}\L\00000004.@
C:\Users\Andrew\AppData\Local\{5d24b8b3-e2fb-9875-421e-d59ea10e1b24}\L\1afb2d56
Task: {4E6E1B5F-BC87-4BCB-A3AF-F7627021D730} - System32\Tasks\{F06C0361-797C-4346-A656-9DB575ABE67C} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {6808D32E-C13F-4621-8FF0-0C526BB4F564} - System32\Tasks\{232BFB52-7830-4C08-9BE0-A03C75F69264} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Downloads\xs2.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7A94E2DD-16CF-4CB6-BB36-1FD66E64623E} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Andrew\AppData\Local\Temp\IHU63B3.tmp.exe <==== ATTENTION
Task: {F77A00EB-310E-4358-861C-4F66EBC4C13E} - System32\Tasks\{BF6BA024-23DB-444C-87CC-E5B2510881EA} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Desktop\EasySetupAssistant\EasySetupAssistant\EasySetupAssistant.exe -d C:\Users\Andrew\Desktop\EasySetupAssistant\EasySetupAssistant
Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.4.0-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [127]
CMD: netsh winsock reset
CMD: netsh int ipv4 reset reset4.log
CMD: netsh int ipv6 reset reset6.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: