How to remove MBR rootkits from WD My Passport External Hard Drive 2tb

MBR rootkit external hard drive malware

#1
questionall4000

    New Member, 2 posts


So I ran a check disk on my external hard drive. It's a 2 TB WD My Passport 3.0 USB drive. The check disk would not go past step 1. So I used Glary Utilities to inspect the drive and found a hidden file called System Information that was taking up over 200 GB of my drive! At that point I knew something was really wrong because I had never seen that file before. I tried using Malwarebytes to find and remove it and it found nothing. I used Panda antivirus trying to locate it and still nothing. I finally found and ran GMER and it found the file and they were in red. I attempted to kill them and got an error code. I attempted to delete them and got different error codes. I also ran MBRCheck, which verified that there are two MBR rootkits on my external drive, one not recognized and one was a Windows XP MBR?? I have nothing going wrong at the moment, except I am quickly losing space on my drive. I would like to nip this in the bud. Any help would be much appreciated.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Kim (administrator) on TAZZER4000 on 23-04-2015 23:15:01
Running from C:\Users\Kim\Desktop
Loaded Profiles: Kim (Available profiles: Kim & Question)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Failed to access process -> BlueSoleilCS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(http://www.ruby-lang.org/) C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-12-10] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-04-01] (CyberLink)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-17] (Panda Security, S.L.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2015-03-22]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {60EFC981-4814-4A1D-A207-073AAC5D3B7A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {60EFC981-4814-4A1D-A207-073AAC5D3B7A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {60EFC981-4814-4A1D-A207-073AAC5D3B7A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\duckduckgo-ssl.xml [2014-12-04]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\ixquick-https.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\ixquick.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\startpage-https.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\unbubbleeu-1.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\unbubbleeu.xml [2014-12-28]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-03-30]
FF Extension: HTTPS-Everywhere - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-04-08]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-04-19]
FF Extension: LastPass - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-04-23]
FF Extension: AddThis - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
FF Extension: Tumblr Post - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb} [2014-12-07]
FF Extension: Disconnect - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-01-28]
FF Extension: Cryptocat - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-28]
FF Extension: Lightbeam - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-01-28]
FF Extension: Privacy Badger Firefox - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: Pin It Button - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-17]
FF Extension: DuckDuckGo Plus - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: Nimbus Web Clipper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-03-01]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: XKit - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-03-10]
FF Extension: Bluhell Firewall - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-01-28]
FF Extension: Video DownloadHelper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: BetterPrivacy - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-28]
FF Extension: Adblock Edge - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
CHR Extension: (Google Drive) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-04]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
CHR Extension: (Google Wallet) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-12-06] (SUPERAntiSpyware.com)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-17] (Panda Security, S.L.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-20] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R3 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-20] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueletAudio; C:\Windows\system32\DRIVERS\blueletaudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthA2DP; No ImagePath
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-06] (Glarysoft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2015-04-23] (Greatis Software)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-11] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-09] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-11] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-12-10] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-23] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 ufdyafow; \??\C:\Users\Kim\AppData\Local\Temp\ufdyafow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 23:15 - 2015-04-23 23:15 - 00031179 _____ () C:\Users\Kim\Desktop\FRST.txt
2015-04-23 23:14 - 2015-04-23 23:15 - 00000000 ____D () C:\FRST
2015-04-23 23:12 - 2015-04-23 23:12 - 02099712 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe
2015-04-23 22:55 - 2015-04-23 22:57 - 00017773 _____ () C:\Users\Kim\Desktop\MBRCheck_04.23.15_22.55.59.txt
2015-04-23 22:55 - 2015-04-23 22:55 - 00080384 _____ () C:\Users\Kim\Downloads\MBRCheck.exe
2015-04-23 22:47 - 2015-04-23 22:47 - 00803104 _____ () C:\Users\Kim\Downloads\maxhandle.exe
2015-04-23 22:24 - 2015-04-23 22:24 - 00017406 _____ () C:\Users\Kim\Documents\gmer log external drive.log
2015-04-23 18:48 - 2015-04-23 18:48 - 00380416 _____ () C:\Users\Kim\Downloads\ufc5mom1.exe
2015-04-23 18:02 - 2015-04-23 18:20 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2015-04-23 18:02 - 2015-04-23 18:20 - 00000000 ____D () C:\Users\Kim\Documents\RegRun2
2015-04-23 18:02 - 2015-04-23 18:02 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2015-04-23 18:02 - 2015-04-23 18:02 - 00003324 _____ () C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2015-04-23 18:02 - 2015-04-23 18:02 - 00000983 _____ () C:\Users\Kim\Desktop\UnHackMe.lnk
2015-04-23 18:02 - 2015-04-23 18:02 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2015-04-23 18:02 - 2015-04-23 18:02 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\CONFIG.NT
2015-04-23 18:02 - 2015-04-23 18:02 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2015-04-23 18:02 - 2015-04-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2015-04-23 18:02 - 2015-04-23 18:02 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2015-04-23 18:02 - 2015-04-22 16:04 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2015-04-23 18:00 - 2015-04-23 18:01 - 16823799 _____ () C:\Users\Kim\Downloads\unhackmeb.zip
2015-04-23 17:59 - 2015-04-23 18:19 - 00000000 ____D () C:\ProgramData\RegRun
2015-04-23 17:58 - 2015-04-23 17:58 - 00348381 _____ () C:\Users\Kim\Downloads\tdl-detector.zip
2015-04-23 17:54 - 2015-04-23 17:54 - 00688992 _____ (Swearware) C:\Users\Kim\Downloads\dds.scr
2015-04-23 17:54 - 2015-04-23 17:54 - 00050477 _____ () C:\Users\Kim\Downloads\Defogger.exe
2015-04-23 17:51 - 2015-04-23 18:39 - 00000000 ____D () C:\Users\Kim\Desktop\mbar
2015-04-23 17:51 - 2015-04-23 17:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kim\Downloads\mbar-1.09.1.1004.exe
2015-04-23 15:07 - 2015-04-23 15:07 - 00098330 _____ () C:\Users\Kim\Documents\2015 april.reg
2015-04-23 10:49 - 2015-04-23 17:51 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-23 10:49 - 2015-04-23 17:30 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 10:49 - 2015-04-23 10:49 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-23 10:49 - 2015-04-23 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-23 10:49 - 2015-04-23 10:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 10:49 - 2015-04-23 10:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-23 10:49 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-23 10:49 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-23 10:48 - 2015-04-23 10:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Kim\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-23 10:41 - 2015-04-23 17:07 - 00000000 ____D () C:\Users\Kim\AppData\Local\CrashDumps
2015-04-23 10:35 - 2015-04-23 10:35 - 04318672 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kim\Downloads\UsbFix_7.927.exe
2015-04-23 10:32 - 2015-04-23 11:17 - 00000000 ____D () C:\UsbFix
2015-04-23 10:31 - 2015-04-23 10:32 - 04312488 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kim\Downloads\UsbFix.exe
2015-04-23 10:29 - 2015-04-23 10:33 - 18880096 _____ (Adlice Software ) C:\Users\Kim\Downloads\setup.exe
2015-04-23 09:50 - 2015-04-23 16:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-23 09:50 - 2015-04-23 10:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-23 09:45 - 2015-04-23 09:48 - 16884312 _____ () C:\Users\Kim\Downloads\RogueKiller.exe
2015-04-23 09:18 - 2015-04-23 17:22 - 00284275 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 17:00 - 2015-04-20 17:00 - 00022176 _____ () C:\Users\Kim\Downloads\business_plan.odt
2015-04-20 17:00 - 2015-04-20 17:00 - 00002709 _____ () C:\Users\Kim\Downloads\spreadsheets(2).zip
2015-04-20 16:41 - 2015-04-20 16:41 - 00002712 _____ () C:\Users\Kim\Downloads\spreadsheets(1).zip
2015-04-20 16:00 - 2015-04-20 16:00 - 00002741 _____ () C:\Users\Kim\Downloads\spreadsheets.zip
2015-04-20 12:52 - 2015-04-20 12:52 - 00025600 _____ () C:\Users\Kim\Downloads\Cash-Flow.xls
2015-04-20 12:52 - 2015-04-20 12:52 - 00023040 _____ () C:\Users\Kim\Downloads\Balance-Sheet.xls
2015-04-20 12:52 - 2015-04-20 12:52 - 00022016 _____ () C:\Users\Kim\Downloads\Income-Statement.xls
2015-04-20 08:48 - 2015-04-20 08:48 - 00003184 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag4_Startup
2015-04-20 08:48 - 2015-04-20 08:48 - 00003182 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag4_Update
2015-04-20 08:48 - 2015-04-20 08:48 - 00001150 _____ () C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-04-20 08:48 - 2015-04-20 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-04-20 08:48 - 2015-04-20 08:48 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-20 08:48 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2015-04-20 08:46 - 2015-04-20 08:46 - 07428536 _____ (IObit ) C:\Users\Kim\Downloads\smart-defrag-setup.exe
2015-04-18 22:20 - 2015-04-18 22:20 - 00025544 _____ () C:\Users\Kim\Downloads\Book%202.xlsx
2015-04-18 20:57 - 2015-04-18 20:57 - 00020379 _____ () C:\Users\Kim\Downloads\Book%201.xlsx
2015-04-18 18:42 - 2015-04-18 20:50 - 00019199 _____ () C:\Users\Kim\Downloads\Book.xlsx
2015-04-17 09:15 - 2015-04-17 09:15 - 00040936 _____ () C:\Users\Kim\Downloads\(500127663) Youngblood - Payments 1 - received 4-16-15.xlsx
2015-04-15 12:48 - 2015-04-20 17:03 - 00000430 _____ () C:\WINDOWS\Tasks\GlaryOneClickOptimizer 5.job
2015-04-15 12:48 - 2015-04-15 12:48 - 00003210 _____ () C:\WINDOWS\System32\Tasks\GlaryOneClickOptimizer 5
2015-04-15 12:22 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-15 12:22 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-15 12:22 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-15 12:22 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-14 20:23 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 20:23 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 20:23 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 20:23 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 20:23 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 20:23 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 20:23 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 20:23 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 20:23 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 20:23 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 20:23 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 20:23 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 20:23 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 20:23 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 20:23 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 20:23 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 20:23 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 20:23 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 20:23 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 20:23 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 20:23 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 20:23 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 20:23 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 20:23 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 20:23 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 20:23 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 20:23 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 20:23 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 20:23 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 20:23 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 20:23 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 20:23 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 20:23 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 20:23 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 20:23 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 20:23 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 20:23 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 20:23 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 20:23 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 20:23 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 20:23 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 20:23 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 20:23 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 20:23 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 20:23 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 20:23 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 20:23 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 20:23 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 20:23 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 20:23 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 20:23 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 20:23 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 20:23 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 20:23 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 20:23 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 20:23 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 20:23 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 20:23 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 20:23 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 20:23 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 20:23 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 20:23 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 20:23 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 20:23 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 09:51 - 2015-04-14 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-09 11:53 - 2015-04-09 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 17:52 - 2015-04-08 17:57 - 40896120 _____ () C:\Users\Kim\Downloads\Mozilla_Firefox_v37.0.exe
2015-04-07 10:12 - 2015-04-07 10:12 - 00000000 ____D () C:\Users\Kim\AppData\Local\{E766A644-C0C5-47F3-A8A7-E70067FC6F22}
2015-04-06 20:07 - 2015-04-06 20:07 - 00000000 ____D () C:\Users\Kim\AppData\Local\{D598292D-636D-4F5B-B976-090D6CA17524}
2015-04-05 14:27 - 2015-04-05 14:45 - 57828984 _____ () C:\Users\Kim\Downloads\calibre-portable-installer-2.23.0.exe
2015-04-04 19:46 - 2015-04-04 19:49 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 19:46 - 2015-04-04 19:46 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-02 20:47 - 2015-04-02 20:47 - 00000000 ____D () C:\Users\Kim\AppData\Local\{C056AFA8-44BE-4590-8E3F-7FFCE0DADB81}
2015-04-01 14:27 - 2015-04-01 14:30 - 00000400 _____ () C:\InstallHelper.log
2015-04-01 14:26 - 2015-04-01 14:26 - 00002021 _____ () C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2015-04-01 14:26 - 2015-04-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2015-04-01 14:26 - 2015-04-01 14:26 - 00000000 ____D () C:\ProgramData\eBay
2015-04-01 14:26 - 2015-04-01 14:26 - 00000000 ____D () C:\Program Files (x86)\eBay
2015-04-01 11:08 - 2015-04-01 11:11 - 33486880 _____ (eBay Inc. ) C:\Users\Kim\Downloads\setupUS.exe
2015-03-31 14:53 - 2015-04-05 20:34 - 00000000 ____D () C:\Users\Kim\Downloads\PopcornTime
2015-03-30 18:33 - 2015-03-30 18:33 - 00000000 ____D () C:\Users\Kim\AppData\Local\{27A27A88-3B40-4D2A-9988-091230C93194}
2015-03-30 11:03 - 2015-03-30 11:03 - 00000000 ____D () C:\Users\Kim\AppData\Local\TechSmith
2015-03-30 11:02 - 2015-04-01 09:50 - 00000000 ____D () C:\Users\Kim\228002049E5345C7B6F35BB0F1C1A147.TMP
2015-03-30 11:02 - 2015-03-30 11:02 - 06692840 _____ () C:\Users\Kim\Downloads\jing.exe
2015-03-29 17:19 - 2015-03-29 17:19 - 12220448 _____ (Telegram Messenger LLP ) C:\Users\Kim\Downloads\tsetup.0.8.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 23:12 - 2015-01-01 21:05 - 04220416 ___SH () C:\Users\Kim\Downloads\Thumbs.db
2015-04-23 23:12 - 2012-08-10 19:45 - 00000838 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-04-23 23:10 - 2014-12-04 13:36 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AD262271-09D9-4804-AAFE-5DB095F19793}
2015-04-23 23:09 - 2012-09-25 02:35 - 00004524 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-04-23 23:09 - 2012-09-25 02:35 - 00000061 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-04-23 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-23 22:42 - 2014-12-04 17:27 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 22:42 - 2014-12-04 17:27 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 22:32 - 2014-12-04 17:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-23 21:59 - 2014-12-04 17:24 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\ClassicShell
2015-04-23 19:09 - 2014-12-04 13:43 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2957821300-2947077752-1965256310-1001
2015-04-23 17:13 - 2014-12-04 13:33 - 00000000 ____D () C:\Users\Kim\AppData\Local\Packages
2015-04-23 17:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-23 16:58 - 2014-12-08 16:07 - 00000000 ____D () C:\Users\Kim\OneDrive
2015-04-23 16:56 - 2014-12-07 15:23 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-04-23 16:54 - 2014-12-06 23:04 - 00000350 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-04-23 16:54 - 2014-12-06 23:04 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-04-23 16:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\security
2015-04-23 16:52 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-23 16:51 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-23 10:43 - 2014-12-04 14:27 - 00000000 ____D () C:\Program Files\pia_manager
2015-04-23 10:09 - 2014-12-06 23:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-22 20:16 - 2014-12-29 21:16 - 00003156 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForKim
2015-04-22 20:16 - 2014-12-29 21:16 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForKim.job
2015-04-21 21:34 - 2014-12-07 12:51 - 00000000 ____D () C:\Users\Kim\Documents\ScanSnap
2015-04-21 21:16 - 2014-12-04 22:33 - 00000000 ____D () C:\ProgramData\Syscon
2015-04-21 08:47 - 2014-09-24 02:15 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-20 10:04 - 2014-12-04 19:14 - 00000246 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2015-04-20 08:49 - 2014-12-08 15:12 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-20 08:47 - 2014-12-06 23:19 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\IObit
2015-04-20 08:43 - 2014-12-06 23:19 - 00000000 ____D () C:\ProgramData\IObit
2015-04-20 08:36 - 2014-12-10 11:09 - 00002392 _____ () C:\Users\Kim\Documents\CheckDiskReport.txt
2015-04-19 09:32 - 2014-12-10 18:46 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-04-15 19:45 - 2014-12-04 17:27 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 16:18 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 09:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 09:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 21:11 - 2014-12-07 14:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-14 21:11 - 2014-12-07 14:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 21:10 - 2014-12-06 18:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 20:58 - 2014-12-06 18:23 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 20:51 - 2012-07-26 00:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-04-14 20:39 - 2014-12-10 20:06 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 20:39 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 09:51 - 2014-12-04 17:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:51 - 2014-12-04 17:25 - 00000000 ____D () C:\Users\Kim\AppData\Local\Adobe
2015-04-13 18:24 - 2014-09-24 04:55 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2014-09-24 04:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 14:51 - 2014-12-04 17:54 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\tixati
2015-04-13 12:09 - 2014-12-04 17:56 - 00000000 ____D () C:\Users\Kim\Desktop\Tixati
2015-04-13 08:32 - 2014-12-04 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 14:08 - 2014-12-04 17:47 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\MediaMonkey
2015-04-08 18:06 - 2014-12-04 13:45 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 18:06 - 2014-12-04 13:45 - 00001123 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 14:41 - 2015-01-31 22:35 - 00000000 ____D () C:\Users\Kim\Downloads\Pics and Gifs
2015-04-07 19:01 - 2014-12-07 13:20 - 00000000 ____D () C:\Users\Kim\Desktop\Personal Files
2015-04-02 21:25 - 2014-12-13 22:45 - 00000698 _____ () C:\Users\Kim\AppData\Roaming\burnaware.ini
2015-04-02 08:47 - 2014-12-07 12:57 - 00000000 ____D () C:\Users\Kim\Documents\Dons stuff
2015-04-01 10:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-01 10:18 - 2014-12-06 23:04 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\GlarySoft
2015-04-01 09:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-04-01 09:54 - 2014-12-08 15:29 - 00000000 ____D () C:\Users\Kim
2015-04-01 09:51 - 2015-01-13 08:57 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\QFX Software
2015-04-01 09:51 - 2014-12-08 22:25 - 00000000 ____D () C:\Users\Question
2015-04-01 09:50 - 2015-02-18 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-01 09:50 - 2015-01-13 08:57 - 00000000 ____D () C:\ProgramData\QFX Software
2015-04-01 09:50 - 2014-12-04 17:16 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-04-01 09:50 - 2014-12-04 13:36 - 00000000 ____D () C:\Users\Kim\AppData\Local\bluesoleil
2015-04-01 09:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-26 15:23 - 2015-01-31 22:34 - 00000000 ____D () C:\Users\Kim\Downloads\PDF Docs
2015-03-24 14:02 - 2014-12-07 14:31 - 00000000 ____D () C:\Users\Kim\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-12-13 22:45 - 2015-04-02 21:25 - 0000698 _____ () C:\Users\Kim\AppData\Roaming\burnaware.ini
2014-12-07 14:05 - 2014-12-07 16:21 - 0000115 _____ () C:\Users\Kim\AppData\Roaming\LogFile.txt
2014-12-04 20:50 - 2014-12-04 20:50 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Kim\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kim\AppData\Local\Temp\gusetup2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-23 19:09

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Kim at 2015-04-23 23:16:19
Running from C:\Users\Kim\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2957821300-2947077752-1965256310-500 - Administrator - Disabled)
Guest (S-1-5-21-2957821300-2947077752-1965256310-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2957821300-2947077752-1965256310-1003 - Limited - Enabled)
Kim (S-1-5-21-2957821300-2947077752-1965256310-1001 - Administrator - Enabled) => C:\Users\Kim
Question (S-1-5-21-2957821300-2947077752-1965256310-1004 - Limited - Enabled) => C:\Users\Question

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader for ScanSnap ™ 4.1 (HKLM-x32\...\{FB410000-0001-0000-0000-074957833700}) (Version: 8.02.449.72515 - ABBYY)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Amazon Cloud Drive (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Amazon Cloud Drive) (Version: 2.2.4.6 - Amazon Digital Services, LLC.)
Amazon Music (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
APRWIN 6.2 (HKLM-x32\...\{BE522F3B-76D9-445D-BDD7-4969B77E5412}) (Version: 6.20.0000 - Comptroller of the Currency)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Professional 7.1 Retail (HKLM-x32\...\BurnAware Professional_is1) (Version:  - Burnaware)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L20 - PFU)
CardMinder V4.1 (x32 Version: 4.1.20.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1601.0 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.5.2567 - Evernote Corp.)
Foxit PhantomPDF Business (HKLM-x32\...\{8A601904-4113-40FE-9DCC-7A38CE1A8032}) (Version: 7.0.6.1126 - Foxit Software Inc.)
Freenet version 0.7.5 build 1467 (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\{3196C62F-9C7B-4392-88B4-05C037D05518}_is1) (Version: 0.7.5 build 1467 - freenetproject.org)
Glary Utilities PRO 5.18 (HKLM-x32\...\Glary Utilities 5) (Version: 5.18.0.31 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiDownloadPlatinum (HKLM-x32\...\HiDownload Platinum_is1) (Version:  - )
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
Magic DVD Copier V9.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version:  - Magic DVD Software, Inc.)
Magic DVD Ripper V9.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Collector (HKLM-x32\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Plague Inc Evolved v0.8 (Include Scenario Maker) (HKLM-x32\...\Plague Inc Evolved v0.8 (Include Scenario Maker)0.8) (Version: 0.8 - Friends in War)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2 - Popcorn Time)
Portrait Professional Studio 10.9 (HKLM-x32\...\Portrait Professional Studio 10 PREACTIVATED by .:sHaRe:._is1) (Version: 10.9 - )
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Scan to Microsoft SharePoint (HKLM-x32\...\{360824C5-ECEC-4A5D-8032-1A365962912C}) (Version: 3.4.0 - KnowledgeLake)
ScanSnap (x32 Version: 5.1.20.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L20 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L20 - PFU)
ScanSnap Organizer (x32 Version: 4.1.20.12 - PFU LIMITED) Hidden
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spotify (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 12.1.1.2876 - Stamps.com, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
The Logo Creator v6 6.0 (HKLM-x32\...\The Logo Creator v6) (Version: 6.0 - Laughingbird Software)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UnHackMe 7.72 beta (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Unseen App version 0.2.5 (HKLM-x32\...\{5C349BCB-70DB-46DE-8E0E-F07A2B1C0B91}_is1) (Version: 0.2.5 - Unseen, ehf.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

04-04-2015 19:44:31 Windows Update
12-04-2015 14:25:19 Scheduled Checkpoint
15-04-2015 16:17:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D213C6E-0731-42E7-91B0-76CFA1CAAC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {15E58AFF-CBC0-43C5-9907-55EDD3B4BA95} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {237D8813-0733-4E17-8D91-0B49273F83DB} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-03-31] (IObit)
Task: {242DA7D5-3099-4635-8E30-53D263DFCCF8} - System32\Tasks\DeviceDetector7 => C:\Program Files (x86)\CyberLink\MediaEspresso7\DeviceDetector\DeviceDetector7.exe [2014-06-16] (CyberLink)
Task: {27CDA547-DCE4-4E7E-A187-A5D0EA6CB180} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {2FE7BF52-1D8C-42E9-BD28-2235225F13EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {43949F4D-6A59-4FBD-8AFF-0282D0E76808} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {4492EA04-D5B2-4FB5-802C-EACA3E9278CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {4A64B4A4-741B-4119-B787-4D11375B78E5} - System32\Tasks\HPCeeScheduleForKim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4E75CD3A-BF26-4323-8B9E-CA870E127DD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {518B3B26-5F87-452A-AD8D-0D963A279C67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {545C2DC8-4432-44A2-B3FC-6479908B9AB3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6304D6D1-5028-4821-B183-87F7F6FCB9C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3982M8ZZ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {64E15611-B681-4ABF-A15E-16C49067E6A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {67E2B585-AF97-4324-8585-4BDE22280482} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {6803355F-647C-4B04-8A30-04ED1EA8F3D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {88379453-E9C9-4F9C-A52D-B6797F4B5456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {97CC5307-BEAD-4C86-A7D7-167C1F91FD68} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {98D6E5A6-247E-4673-AFC0-2502ED9FFD7F} - System32\Tasks\Amazon Music Helper => C:\Users\Kim\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-12-08] ()
Task: {9CD0DF83-9D8B-471E-B033-B1D66E089127} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-02-01] (Glarysoft Ltd)
Task: {A2434B76-E64C-49BE-BDCD-0CA2D9B950A8} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-02-01] (Glarysoft Ltd)
Task: {A6CA50C7-D505-44A6-BC46-D06B6F2DEAAA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-07] ()
Task: {BBE5FB16-B38F-4710-A1BA-AC02AAB40055} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C4E5C3C4-C42A-45C3-9D5B-DFEF29A19335} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C778AA5D-740A-4D7B-9C6B-A9C0A4BD05CB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CA36ACF3-9082-4D5F-BE05-CDB46A3270C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {CE824E27-A661-4AC0-9CD3-C6FF421AA856} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2015-04-22] (Greatis Software)
Task: {CFC4563F-823E-44C5-BB62-5D2F8FBE2499} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-02-01] (Glarysoft Ltd)
Task: {D5E7C13A-0D2C-47EB-A2A3-1121B65B5C89} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EE812BFB-65F4-45AB-B3DA-112E413010FD} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-04-23] ()
Task: {F09846BC-7455-4CA9-93FE-8EA1E23E080A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-12-10] (Synaptics Incorporated)
Task: {F636FB7B-EC35-4D96-A159-FB6C6E96628C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FE351826-1017-43E2-9FC2-40F025AF451E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GlaryOneClickOptimizer 5.job => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-09-25 02:59 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-10 20:11 - 2012-07-10 20:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2014-12-04 14:27 - 2015-04-23 10:42 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2013-12-19 11:36 - 2014-12-06 22:42 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2014-12-04 14:27 - 2015-04-23 10:43 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-20 08:48 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-07-10 20:14 - 2012-07-10 20:14 - 00072192 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-07-27 16:51 - 2012-07-27 16:51 - 00346112 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-09-25 02:25 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00012800 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009728 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00014848 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-04-23 16:53 - 2015-04-23 16:53 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\src\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009216 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00126976 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00087552 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00016384 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-04-23 16:54 - 2015-04-23 16:54 - 00127316 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\libffi-6.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00013312 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00095744 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00026624 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00012800 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009728 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00014848 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\src\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00118784 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00069120 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00083968 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\zlib1.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00026624 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00275968 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00015360 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008192 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009216 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00023552 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00036352 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00126976 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00087552 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00016384 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00127316 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\libffi-6.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00013312 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00095744 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00026624 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-12-04 14:27 - 2015-04-23 10:42 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-04-22 21:20 - 2015-04-22 21:20 - 01056312 _____ () C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2012-08-10 12:55 - 2012-08-10 12:55 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 19:28 - 2012-05-02 19:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Kim\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Question\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim\Pictures\Backgrounds Wallpapers HD\20243.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G9"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Faulty Device Manager Devices =============

Name: HK Onyx Studio Stereo
Description: Bluetooth Stereo
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2DP
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: HK Onyx Studio Audio/Video Remote Control HID
Description: Bluetooth Audio/Video Remote Control HID
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: BthAvrcpTg
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2015 05:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0xebc
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5

Error: (04/23/2015 04:52:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x7fc
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5

Error: (04/23/2015 00:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDRulesEngine.exe, version: 1.6.4.2, time stamp: 0x505a960f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x2084
Faulting application start time: 0xWDRulesEngine.exe0
Faulting application path: WDRulesEngine.exe1
Faulting module path: WDRulesEngine.exe2
Report Id: WDRulesEngine.exe3
Faulting package full name: WDRulesEngine.exe4
Faulting package-relative application ID: WDRulesEngine.exe5

Error: (04/23/2015 00:43:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at BackupRulesDB.Close()
   at BackupRulesDB.Dispose(Boolean)
   at BackupRulesDB.Finalize()

Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6545ca20
Faulting process id: 0xe90
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5

Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x00725ce0
Faulting process id: 0xe90
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5

Error: (04/23/2015 10:41:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6545ca20
Faulting process id: 0x5ec
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5

Error: (04/23/2015 10:41:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x01005ce0
Faulting process id: 0x5ec
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5

Error: (04/23/2015 09:24:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/23/2015 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x91c
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5


System errors:
=============
Error: (04/23/2015 10:30:35 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (04/23/2015 10:30:14 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/23/2015 10:26:12 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (04/23/2015 10:25:51 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/23/2015 09:22:44 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (04/23/2015 09:22:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/23/2015 09:04:59 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (04/23/2015 09:04:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/23/2015 09:03:58 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (04/23/2015 09:03:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Microsoft Office Sessions:
=========================
Error: (04/23/2015 05:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.709.05019fa79tl_filter.dll0.0.0.050247825c00000940000d53debc01d07e1737f3a94eC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll7be01411-ea0a-11e4-be9e-689423941040

Error: (04/23/2015 04:52:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.709.05019fa79tl_filter.dll0.0.0.050247825c00000940000d53d7fc01d07e0fd68f44f8C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll1a74a26d-ea03-11e4-be9e-689423941040

Error: (04/23/2015 00:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDRulesEngine.exe1.6.4.2505a960fKERNELBASE.dll6.3.9600.1741554504adee043435200014598208401d07ddbeb1f732fC:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll3a845718-e9e0-11e4-be9d-689423941040

Error: (04/23/2015 00:43:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at BackupRulesDB.Close()
   at BackupRulesDB.Dispose(Boolean)
   at BackupRulesDB.Finalize()

Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00000056545ca20e9001d07ddc101d630bC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown4e06ea29-e9cf-11e4-be9d-689423941040

Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00001a500725ce0e9001d07ddc101d630bC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown4dd8cd7b-e9cf-11e4-be9d-689423941040

Error: (04/23/2015 10:41:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00000056545ca205ec01d07ddbf4ee1deaC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown3443116f-e9cf-11e4-be9d-689423941040

Error: (04/23/2015 10:41:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00001a501005ce05ec01d07ddbf4ee1deaC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown32ab5a5b-e9cf-11e4-be9d-689423941040

Error: (04/23/2015 09:24:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Kim\Downloads\Programs\SoftonicDownloader_for_photoscape.exe

Error: (04/23/2015 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.709.05019fa79tl_filter.dll0.0.0.050247825c00000940000d53d91c01d07dd09f86d095C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dlle123fe2e-e9c3-11e4-be9d-689423941040


CodeIntegrity Errors:
===================================
  Date: 2014-12-10 17:48:19.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 17:10:29.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:55:30.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:47:25.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:36:55.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:28:43.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:28:39.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:28:07.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:27:30.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 15:27:30.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 6036.27 MB
Available physical RAM: 2401.14 MB
Total Pagefile: 12180.27 MB
Available Pagefile: 8253.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.78 GB) (Free:564.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.65 GB) (Free:3.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:785.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4C7F4374)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
MBRCheck, version 1.2.3
© 2010, AD

Command-line:            
Windows Version:        
Windows Information:         (build 9200), 64-bit
Base Board Manufacturer:    Hewlett-Packard
BIOS Manufacturer:        Insyde
System Manufacturer:        Hewlett-Packard
System Product Name:        HP Pavilion g7 Notebook PC
Logical Drives Mask:        0x000000dc

Kernel Drivers (total 205):
  0x75C79000 \SystemRoot\system32\ntoskrnl.exe
  0x75C09000 \SystemRoot\system32\hal.dll
  0x74EEB000 \SystemRoot\system32\kd.dll
  0x21EE4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x21F61000 \SystemRoot\System32\drivers\werkernel.sys
  0x21F6F000 \SystemRoot\System32\drivers\CLFS.SYS
  0x21FD1000 \SystemRoot\System32\drivers\tm.sys
  0x21E00000 \SystemRoot\system32\PSHED.dll
  0x21E15000 \SystemRoot\system32\BOOTVID.dll
  0x21E1F000 \SystemRoot\system32\CI.dll
  0x22009000 \SystemRoot\System32\drivers\msrpc.sys
  0x22066000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x22135000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x22146000 \SystemRoot\System32\Drivers\acpiex.sys
  0x2215E000 \SystemRoot\System32\Drivers\WppRecorder.sys
  0x22169000 \SystemRoot\System32\drivers\ACPI.sys
  0x221F1000 \SystemRoot\System32\drivers\WMILIB.SYS
  0x222E7000 \SystemRoot\System32\Drivers\cng.sys
  0x22373000 \SystemRoot\System32\drivers\jpwo.sys
  0x22389000 \SystemRoot\System32\drivers\msisadrv.sys
  0x22393000 \SystemRoot\System32\drivers\pci.sys
  0x223DB000 \SystemRoot\System32\drivers\vdrvroot.sys
  0x22200000 \SystemRoot\system32\drivers\pdc.sys
  0x2221C000 \SystemRoot\System32\drivers\partmgr.sys
  0x22234000 \SystemRoot\System32\drivers\spaceport.sys
  0x2229D000 \SystemRoot\System32\drivers\volmgr.sys
  0x22400000 \SystemRoot\System32\drivers\volmgrx.sys
  0x2245F000 \SystemRoot\System32\drivers\mountmgr.sys
  0x2265E000 \SystemRoot\System32\drivers\iaStorA.sys
  0x22928000 \SystemRoot\System32\drivers\storport.sys
  0x229A0000 \SystemRoot\system32\drivers\fltmgr.sys
  0x22600000 \SystemRoot\System32\drivers\fileinfo.sys
  0x22616000 \SystemRoot\System32\Drivers\Wof.sys
  0x22ACE000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x22CC8000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x22CE4000 \SystemRoot\System32\drivers\pcw.sys
  0x22CF4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x2247A000 \SystemRoot\system32\drivers\ndis.sys
  0x22CFF000 \SystemRoot\system32\drivers\NETIO.SYS
  0x22D77000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x22EC0000 \SystemRoot\System32\drivers\tcpip.sys
  0x2312C000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x23198000 \SystemRoot\system32\DRIVERS\wfplwfs.sys
  0x22E00000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x22E95000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x22DA8000 \SystemRoot\System32\drivers\volsnap.sys
  0x22E9F000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
  0x22A00000 \SystemRoot\System32\drivers\rdyboost.sys
  0x22EA7000 \SystemRoot\System32\Drivers\mup.sys
  0x231BD000 \SystemRoot\System32\drivers\intelpep.sys
  0x231D8000 \SystemRoot\System32\drivers\disk.sys
  0x22A46000 \SystemRoot\System32\drivers\CLASSPNP.SYS
  0x22A9C000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x22591000 \SystemRoot\System32\drivers\cdrom.sys
  0x231F4000 \SystemRoot\System32\Drivers\Null.SYS
  0x231CC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x22AB1000 \SystemRoot\System32\drivers\BasicRender.sys
  0x2349C000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x2361C000 \SystemRoot\System32\drivers\watchdog.sys
  0x2362E000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x23691000 \SystemRoot\System32\drivers\BasicDisplay.sys
  0x236A3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x236B7000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x236C3000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x236E3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x236F1000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x2373D000 \SystemRoot\system32\drivers\afd.sys
  0x237CF000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x23400000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x23418000 \SystemRoot\system32\DRIVERS\NNSNAHSL.sys
  0x23427000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x238FA000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x2396A000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x23983000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
  0x23800000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
  0x238E5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
  0x238EF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
  0x239A9000 \SystemRoot\system32\DRIVERS\psinknc.sys
  0x239DE000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x239EC000 \SystemRoot\System32\drivers\npsvctrig.sys
  0x23438000 \SystemRoot\system32\DRIVERS\NNSTlsc.sys
  0x23456000 \SystemRoot\system32\DRIVERS\NNSStrm.sys
  0x225BF000 \SystemRoot\system32\DRIVERS\NNSSmtp.sys
  0x23A3D000 \SystemRoot\system32\DRIVERS\NNSPrv.sys
  0x23A84000 \SystemRoot\system32\DRIVERS\NNSProt.sys
  0x23AD4000 \SystemRoot\system32\DRIVERS\NNSPop3.sys
  0x23AF9000 \SystemRoot\system32\DRIVERS\NNSPihsw.sys
  0x23B10000 \SystemRoot\system32\DRIVERS\NNSPicc.sys
  0x23B2F000 \SystemRoot\system32\DRIVERS\NNSIds.sys
  0x23B57000 \SystemRoot\system32\DRIVERS\NNSHttps.sys
  0x23B78000 \SystemRoot\system32\DRIVERS\NNSHttp.sys
  0x23BAF000 \SystemRoot\system32\DRIVERS\NNSAlpc.sys
  0x23BCA000 \SystemRoot\System32\drivers\mssmbios.sys
  0x23BD6000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
  0x23BF4000 \??\C:\Windows\System32\drivers\GUBootStartup.sys
  0x23A00000 \SystemRoot\System32\Drivers\dfsc.sys
  0x23A26000 \SystemRoot\system32\DRIVERS\ahcache.sys
  0x22ABF000 \SystemRoot\system32\DRIVERS\tap0901.sys
  0x222B2000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
  0x22641000 \SystemRoot\System32\drivers\CompositeBus.sys
  0x22DF7000 \SystemRoot\System32\drivers\serscan.sys
  0x239F8000 \SystemRoot\system32\drivers\ksthunk.sys
  0x23C88000 \SystemRoot\system32\drivers\ks.sys
  0x23CD6000 \SystemRoot\system32\DRIVERS\kdnic.sys
  0x23CE1000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0x23D0C000 \SystemRoot\System32\drivers\umbus.sys
  0x23D1D000 \SystemRoot\System32\drivers\CmBatt.sys
  0x23D24000 \SystemRoot\System32\drivers\BATTC.SYS
  0x23E5D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
  0x2421C000 \SystemRoot\System32\drivers\USBXHCI.SYS
  0x24271000 \SystemRoot\System32\drivers\ucx01000.sys
  0x242A3000 \SystemRoot\System32\drivers\HECIx64.sys
  0x242B6000 \SystemRoot\System32\drivers\usbehci.sys
  0x242CE000 \SystemRoot\System32\drivers\USBPORT.SYS
  0x2433D000 \SystemRoot\System32\drivers\HDAudBus.sys
  0x244FE000 \SystemRoot\system32\DRIVERS\netr28x.sys
  0x24768000 \SystemRoot\System32\drivers\vwifibus.sys
  0x2486C000 \SystemRoot\System32\drivers\rtbth.sys
  0x24400000 \SystemRoot\system32\DRIVERS\Rt630x64.sys
  0x249DB000 \SystemRoot\System32\drivers\i8042prt.sys
  0x24800000 \SystemRoot\System32\drivers\keyscrambler.sys
  0x24775000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x24839000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x24845000 \SystemRoot\System32\drivers\kbdclass.sys
  0x24857000 \SystemRoot\System32\drivers\mouclass.sys
  0x244AB000 \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
  0x244B8000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x244C5000 \SystemRoot\System32\drivers\WirelessButtonDriver64.sys
  0x244CF000 \SystemRoot\System32\drivers\HIDCLASS.SYS
  0x244EE000 \SystemRoot\System32\drivers\HIDPARSE.SYS
  0x247F4000 \SystemRoot\System32\drivers\wmiacpi.sys
  0x24356000 \SystemRoot\System32\drivers\intelppm.sys
  0x24374000 \SystemRoot\System32\drivers\NdisVirtualBus.sys
  0x24867000 \SystemRoot\System32\Drivers\BtAudioBus.sys
  0x249FA000 \SystemRoot\System32\drivers\swenum.sys
  0x2437F000 \SystemRoot\System32\drivers\iwdbus.sys
  0x2438B000 \SystemRoot\System32\drivers\CLVirtualBus01.sys
  0x243A8000 \SystemRoot\System32\drivers\rdpbus.sys
  0x23D30000 \SystemRoot\System32\drivers\usbhub.sys
  0x23C00000 \SystemRoot\System32\drivers\UsbHub3.sys
  0x24AD1000 \SystemRoot\system32\DRIVERS\stwrt64.sys
  0x24B5A000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x24BA1000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x24A00000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
  0x24A58000 \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys
  0x24A63000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x24C57000 \SystemRoot\System32\Drivers\bthport.sys
  0x24D82000 \SystemRoot\system32\DRIVERS\BthLEEnum.sys
  0x24DBF000 \SystemRoot\System32\drivers\rfcomm.sys
  0x24DED000 \SystemRoot\System32\drivers\BthEnum.sys
  0x24C00000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x24C21000 \SystemRoot\System32\Drivers\BtL2caScoIf.sys
  0x24A7C000 \SystemRoot\System32\drivers\USBSTOR.SYS
  0x24C33000 \SystemRoot\System32\drivers\wdcsam64.sys
  0x24AA2000 \SystemRoot\System32\drivers\usbccgp.sys
  0x24C37000 \SystemRoot\System32\drivers\hidusb.sys
  0x24C45000 \SystemRoot\System32\drivers\kbdhid.sys
  0x24BBD000 \SystemRoot\System32\drivers\mouhid.sys
  0x24BCA000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x24996000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x249CF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x24EDB000 \SystemRoot\System32\Drivers\dump_iaStorA.sys
  0x251A5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x0010C000 \SystemRoot\System32\win32k.sys
  0x251BB000 \SystemRoot\System32\drivers\monitor.sys
  0x0066F000 \SystemRoot\System32\TSDDD.dll
  0x00918000 \SystemRoot\System32\cdd.dll
  0x00AD1000 \SystemRoot\System32\ATMFD.DLL
  0x251C9000 \SystemRoot\system32\drivers\luafv.sys
  0x24E00000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
  0x24E2B000 \SystemRoot\system32\DRIVERS\PSINProt.sys
  0x24E4F000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0x24E59000 \SystemRoot\system32\DRIVERS\PSINFile.sys
  0x24E79000 \SystemRoot\system32\DRIVERS\PSINProc.sys
  0x24E9A000 \SystemRoot\system32\DRIVERS\PSINReg.sys
  0x24EB8000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x2527D000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x252F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x25305000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x25483000 \SystemRoot\system32\drivers\HTTP.sys
  0x2557D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x2558C000 \SystemRoot\System32\drivers\condrv.sys
  0x2559C000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x255BC000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x25400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x2531D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x25355000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x255D3000 \SystemRoot\system32\drivers\Ndu.sys
  0x2566B000 \SystemRoot\system32\drivers\peauth.sys
  0x25714000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x2571F000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x25762000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x25853000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x25900000 \SystemRoot\System32\DRIVERS\srv.sys
  0x2598E000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x259BB000 \SystemRoot\System32\DRIVERS\PSKMAD.sys
  0x259CC000 \SystemRoot\system32\drivers\WudfPf.sys
  0x25800000 \SystemRoot\System32\drivers\WUDFRd.sys
  0x2583D000 \SystemRoot\System32\drivers\WpdUpFltr.sys
  0x25848000 \SystemRoot\System32\drivers\WSDPrint.sys
  0x25774000 \SystemRoot\System32\drivers\WSDScan.sys
  0x257B8000 \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
  0x257DE000 \??\C:\WINDOWS\system32\drivers\mwac.sys
  0x2561E000 \??\C:\Users\Kim\AppData\Local\Temp\ufdyafow.sys
  0x259ED000 \SystemRoot\System32\drivers\umpass.sys

Processes (total 96):
       0 System Idle Process
       4 System
     992 C:\Windows\System32\smss.exe
     704 csrss.exe
     772 C:\Windows\System32\wininit.exe
     872 csrss.exe
     916 C:\Windows\System32\services.exe
     924 C:\Windows\System32\lsass.exe
     576 C:\Windows\System32\winlogon.exe
     624 C:\Windows\System32\svchost.exe
     488 C:\Windows\System32\svchost.exe
    1112 dwm.exe
    1192 C:\Windows\System32\svchost.exe
    1220 C:\Windows\System32\svchost.exe
    1272 C:\Windows\System32\svchost.exe
    1328 C:\Windows\System32\igfxCUIService.exe
    1356 C:\Windows\System32\svchost.exe
    1396 C:\Program Files\IDT\WDM\stacsv64.exe
    1572 C:\Windows\System32\hpservice.exe
    1624 C:\Windows\System32\svchost.exe
    1836 C:\Windows\System32\spoolsv.exe
    1880 C:\Windows\System32\svchost.exe
    1848 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    1924 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1968 C:\Windows\System32\svchost.exe
    1708 C:\Program Files\Bonjour\mDNSResponder.exe
    2068 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    2088 dasHost.exe
    2120 C:\Program Files\Intel\iCLS Client\HeciServer.exe
    2144 C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    2172 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    2336 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    2356 C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    2368 C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    2396 C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    2472 C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    2544 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2568 C:\Windows\System32\svchost.exe
    2628 C:\Program Files (x86)\Popcorn Time\Updater.exe
    2676 C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    3048 WmiPrvSE.exe
    3620 C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    3864 C:\Windows\System32\svchost.exe
    3948 C:\Windows\System32\svchost.exe
    3552 C:\Windows\System32\svchost.exe
    3640 WmiPrvSE.exe
    4808 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    4956 dllhost.exe
    3656 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    3500 C:\Windows\explorer.exe
    4988 C:\Windows\System32\igfxEM.exe
    4304 C:\Windows\System32\igfxHK.exe
    4712 C:\Windows\System32\igfxTray.exe
    4540 C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
    1412 C:\Windows\System32\taskhostex.exe
    4928 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4204 C:\Program Files\pia_manager\pia_manager.exe
    5876 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5092 C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
    6052 C:\Program Files\Classic Shell\ClassicStartMenu.exe
    6128 C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    5504 C:\Windows\System32\SearchIndexer.exe
    5544 C:\Windows\System32\SkyDrive.exe
    5932 C:\Program Files\IDT\WDM\sttray64.exe
    3512 C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
    2936 C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    2528 C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
    4312 C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
    3876 C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    3168 C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
    4972 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    4608 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    1068 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    5536 C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    3324 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    5604 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    5624 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4044 C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe
    5144 C:\Program Files\pia_manager\pia_manager.exe
    1844 C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe
    3872 C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    5552 C:\Windows\System32\SettingSyncHost.exe
    6728 C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    3696 C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    3356 C:\Program Files\CCleaner\CCleaner64.exe
    4032 C:\Windows\System32\wbem\unsecapp.exe
    4016 C:\Program Files (x86)\UnHackMe\hackmon.exe
    3160 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    6332 C:\Windows\System32\taskhost.exe
    6464 C:\Program Files\pia_manager\openvpn.exe
    5968 C:\Windows\splwow64.exe
    4176 C:\Windows\System32\SearchProtocolHost.exe
    5908 C:\Windows\System32\SearchFilterHost.exe
    7888 C:\Users\Kim\Downloads\MBRCheck.exe
    7396 C:\Windows\System32\conhost.exe
     208 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`31500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000a8`3f500000  (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS547575A9E384, Rev: JE4OA50A
PhysicalDrive1 Model Number: WDMy Passport 0748, Rev: 1019

      Size  Device Name          MBR Status
  --------------------------------------------
    698 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
   1862 GB  \\.\PhysicalDrive1   RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-23 22:24:06
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 Hitachi_HTS547575A9E384 rev.JE4OA50A 698.64GB
Running: ufc5mom1.exe; Driver: C:\Users\Kim\AppData\Local\Temp\ufdyafow.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable  fffff96000171a00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17  fffff96000171a11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- User code sections - GMER 2.1 ----

?        C:\Windows\SYSTEM32\BsHelpCSps.dll [2936] entry point in ".data" section  0000000002f25055
.text    C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe[3168] C:\WINDOWS\system32\IMM32.DLL!ImmProcessKey  00007ffc34355060 14 bytes {JMP QWORD [RIP+0x0]}

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [872:896]  fffff960009222d0
Thread   C:\WINDOWS\Explorer.EXE [3500:3560]  00007ffc29329970
Thread   C:\WINDOWS\Explorer.EXE [3500:3140]  0000000066018d2c
Thread   C:\WINDOWS\Explorer.EXE [3500:4424]  00007ffc2932e630
Thread   C:\WINDOWS\Explorer.EXE [3500:908]  0000000065509300
Thread   C:\WINDOWS\Explorer.EXE [3500:6916]                                                                                                                                                                                                                          00007ffc26391120
Thread   C:\WINDOWS\Explorer.EXE [3500:6312]                                                                                                                                                                                                                          00007ffc29e5ab50
Thread   C:\WINDOWS\Explorer.EXE [3500:3352]                                                                                                                                                                                                                          00007ffc2970cb00
Thread   C:\Windows\System32\SettingSyncHost.exe [5552:6572]                                                                                                                                                                                                          00007ffc24937090
---- Processes - GMER 2.1 ----

Process  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044] (Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:53:33)           0000000000400000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044] (Ruby interpreter (DLL) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:53:40)  0000000062d00000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:01)                                                            0000000071280000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:01)                                                       0000000070600000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:01)                                                    000000006dd40000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:53:30)                                                                   0000000010000000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:11)                                                                  0000000065000000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06)                                              00000000005b0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:12)                                                             000000006ab80000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:12)                                                                   000000006c280000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:12)                                                               0000000070a40000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\libffi-6.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:54:34)                                                                                    000000006b740000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06)                                                         0000000065480000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06)                                                  000000006d400000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06)                                                00000000628c0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:17)            0000000066940000
Process  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:55:26)           0000000000400000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (Ruby interpreter (DLL) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:55:26)  0000000062d00000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27)                                                            0000000071280000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27)                                                       0000000070600000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27)                                                    000000006dd40000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:26)                                                                   0000000010000000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28)                                              00000000003d0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28)                                                               000000006e600000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29)                                                                 000000006a400000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\zlib1.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:26)                                                                                       00000000025f0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29)                                                             0000000065080000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29)                                                              00000000671c0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\LIBEAY32.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2015-04-2321:55:26)              0000000063000000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\SSLEAY32.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2015-04-2321:55:27)              000000006e400000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29)                                                               0000000068000000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29)                                                                000000006a1c0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                                  0000000065000000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                      000000006fac0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                         0000000070f40000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28)                                                         0000000065480000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                         000000006ffc0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                         000000006d100000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                   000000006adc0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                             000000006ab80000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                                   000000006c280000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)                                                               0000000070a40000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\libffi-6.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27)                                                                                    000000006b740000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28)                                                  000000006d400000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28)                                                00000000628c0000
Library  C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31)            0000000066940000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
 


Edited by questionall4000, 23 April 2015 - 10:38 PM.


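The MBRCheck table above gives each physical disk a status for its bootstrap code plus a SHA1, and the volume map gives each partition's byte offset (H: on PhysicalDrive1 starts at 0x100000, i.e. LBA 2048 with 512-byte sectors). As an added example, not part of the original post and not code from MBRCheck or GMER, the following Python does what such a checker has to do with one 512-byte sector: verify the 0x55AA boot signature, hash the bootstrap code separately from the partition table, look the hash up in an allowlist, and list the partitions with their byte offsets. Assumptions: the hashed region is the 440 bytes before the disk signature, a choice made here (the page does not say which bytes MBRCheck hashes, so the SHA1 values in the log are not expected to match); the sample sector is constructed inside the block; read_mbr() opens a raw device path such as \\.\PhysicalDrive1, which is Windows-specific and needs an elevated prompt.

```python
"""MBR sector parser: boot-signature check, bootstrap-code hash, partition map.

Added example for this thread; not code from MBRCheck, GMER or the original poster.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
CODE_AREA = 440          # assumption: hash bytes 0..439, the bootstrap code before the disk signature
DISK_SIG_OFF = 440       # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"   # bytes 510..511
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # Same quantity MBRCheck prints as "at offset 0x..." for a volume.
        return self.start_lba * SECTOR_SIZE


def parse_mbr(sector: bytes) -> dict:
    """Validate and decode one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    disk_signature = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions: List[Partition] = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append(Partition(i, status == 0x80, ptype, lba, count))
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_AREA]).hexdigest().upper(),
        "disk_signature": disk_signature,
        "partitions": partitions,
    }


def classify(code_sha1: str, known: dict) -> str:
    """Look the bootstrap hash up in an allowlist of known-good hashes.
    Anything absent is reported as unknown, which is not the same as infected."""
    return known.get(code_sha1, "Unknown MBR code")


def read_mbr(device: str = r"\\.\PhysicalDrive1") -> bytes:
    """Read the first sector of a raw device (Windows only; run from an elevated prompt)."""
    with open(device, "rb", buffering=0) as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample sector, not read from the drives on the page: one NTFS
    (type 0x07) partition starting at LBA 2048, the layout behind the page's
    'H: --> PhysicalDrive1 at offset 0x100000' line."""
    code = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (CODE_AREA - 7)   # filler bootstrap
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry0 = struct.pack(ENTRY_FMT, 0x00, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                         2048, 3_904_894_976)
    table = entry0 + b"\x00" * (16 * 3)
    return code + disk_sig + table + BOOT_SIG


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("bootstrap SHA1:", info["code_sha1"], "->", classify(info["code_sha1"], {}))
    for p in info["partitions"]:
        print(f"  part {p.index}: type 0x{p.type_id:02X} boot={p.bootable} "
              f"LBA {p.start_lba} offset 0x{p.byte_offset:08X} sectors {p.sector_count}")
```

The classify() step is the part worth dwelling on: a hash-based checker can only say whether the bootstrap code matches something in its list, which is why MBRCheck's own summary line reads "non-standard or infected". An unfamiliar hash, such as the "Unknown MBR code" on PhysicalDrive0 above, is a prompt to compare the sector against a known-good copy or a fresh standard MBR, not a verdict on its own.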
#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi and welcome to G2G. Sorry for the delay. We've been sifting through a backlog recently. Let me know if you still need assistance.

 

You mentioned "System Information" as the file on the external hard drive. Was it "System Volume Information"? If so, the System Volume Information folder is a hidden system folder that the System Restore tool uses to store its information and restore points. There is a System Volume Information folder on every partition on your computer.
 

You can prevent the system from creating restore points on your external hard drive by following these steps:
 
a) Press Windows key + F and type “System Restore” and click on the “settings” tab below
b) Click on “Create a restore point” in the search results
c) Now, in the new window, under “system protection” tab, select your External hard drive and click “Configure”
d) Click on “Disable System protection” and click Ok to save settings.


#3
questionall4000

    New Member

  • Topic Starter
  • Member
  • 2 posts

Oh wow. Thanks so much!! I was scared that I had some horrible malware that was going to crash everything. Some of the things listed were in red and I had no idea what to do. Thanks again. Following your instructions let me delete all those restore points that were taking up over 200 GB of space. Much appreciated.


