So I ran a check disk on my external hard drive. It's a 2 TB WD My Passport 3.0 USB drive. The check disk would not go past step 1. So I used Glary Utilities to inspect the drive and found a hidden file called System Information that was taking up over 200 GB of my drive! At that point I knew something was really wrong because I had never seen that file before. I tried using Malwarebytes to find and remove it and it found nothing. I used Panda antivirus to try to locate it and still nothing. I finally found and ran GMER and it found the file and they were in red. I attempted to kill them and got an error code. I attempted to delete them and got different error codes. I also ran MBR check, which verified that there are two MBR rootkits on my external drive, one not recognized and one was a Windows XP MBR?? I have nothing going wrong at the moment, except I am quickly losing space on my drive. I would like to nip this in the bud. Any help would be much appreciated.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Kim (administrator) on TAZZER4000 on 23-04-2015 23:15:01
Running from C:\Users\Kim\Desktop
Loaded Profiles: Kim (Available profiles: Kim & Question)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Failed to access process -> BlueSoleilCS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(http://www.ruby-lang.org/) C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-12-10] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-04-01] (CyberLink)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-17] (Panda Security, S.L.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2015-03-22]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {60EFC981-4814-4A1D-A207-073AAC5D3B7A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {60EFC981-4814-4A1D-A207-073AAC5D3B7A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {60EFC981-4814-4A1D-A207-073AAC5D3B7A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\duckduckgo-ssl.xml [2014-12-04]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\ixquick-https.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\ixquick.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\startpage-https.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\unbubbleeu-1.xml [2014-12-28]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\searchplugins\unbubbleeu.xml [2014-12-28]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-03-30]
FF Extension: HTTPS-Everywhere - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-04-08]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-04-19]
FF Extension: LastPass - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-04-23]
FF Extension: AddThis - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
FF Extension: Tumblr Post - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb} [2014-12-07]
FF Extension: Disconnect - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-01-28]
FF Extension: Cryptocat - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-28]
FF Extension: Lightbeam - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-01-28]
FF Extension: Privacy Badger Firefox - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: Pin It Button - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-17]
FF Extension: DuckDuckGo Plus - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: Nimbus Web Clipper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-03-01]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2014-12-04]
FF Extension: XKit - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\[email protected] [2015-03-10]
FF Extension: Bluhell Firewall - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-01-28]
FF Extension: Video DownloadHelper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: BetterPrivacy - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-28]
FF Extension: Adblock Edge - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-28]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
CHR Extension: (Google Drive) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-04]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
CHR Extension: (Google Wallet) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-12-06] (SUPERAntiSpyware.com)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-17] (Panda Security, S.L.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-20] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R3 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-20] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BlueletAudio; C:\Windows\system32\DRIVERS\blueletaudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthA2DP; No ImagePath
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-06] (Glarysoft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2015-04-23] (Greatis Software)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-11] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-09] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-11] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-12-10] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-23] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 ufdyafow; \??\C:\Users\Kim\AppData\Local\Temp\ufdyafow.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-23 23:15 - 2015-04-23 23:15 - 00031179 _____ () C:\Users\Kim\Desktop\FRST.txt
2015-04-23 23:14 - 2015-04-23 23:15 - 00000000 ____D () C:\FRST
2015-04-23 23:12 - 2015-04-23 23:12 - 02099712 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe
2015-04-23 22:55 - 2015-04-23 22:57 - 00017773 _____ () C:\Users\Kim\Desktop\MBRCheck_04.23.15_22.55.59.txt
2015-04-23 22:55 - 2015-04-23 22:55 - 00080384 _____ () C:\Users\Kim\Downloads\MBRCheck.exe
2015-04-23 22:47 - 2015-04-23 22:47 - 00803104 _____ () C:\Users\Kim\Downloads\maxhandle.exe
2015-04-23 22:24 - 2015-04-23 22:24 - 00017406 _____ () C:\Users\Kim\Documents\gmer log external drive.log
2015-04-23 18:48 - 2015-04-23 18:48 - 00380416 _____ () C:\Users\Kim\Downloads\ufc5mom1.exe
2015-04-23 18:02 - 2015-04-23 18:20 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2015-04-23 18:02 - 2015-04-23 18:20 - 00000000 ____D () C:\Users\Kim\Documents\RegRun2
2015-04-23 18:02 - 2015-04-23 18:02 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2015-04-23 18:02 - 2015-04-23 18:02 - 00003324 _____ () C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2015-04-23 18:02 - 2015-04-23 18:02 - 00000983 _____ () C:\Users\Kim\Desktop\UnHackMe.lnk
2015-04-23 18:02 - 2015-04-23 18:02 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2015-04-23 18:02 - 2015-04-23 18:02 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\CONFIG.NT
2015-04-23 18:02 - 2015-04-23 18:02 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2015-04-23 18:02 - 2015-04-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2015-04-23 18:02 - 2015-04-23 18:02 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2015-04-23 18:02 - 2015-04-22 16:04 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2015-04-23 18:00 - 2015-04-23 18:01 - 16823799 _____ () C:\Users\Kim\Downloads\unhackmeb.zip
2015-04-23 17:59 - 2015-04-23 18:19 - 00000000 ____D () C:\ProgramData\RegRun
2015-04-23 17:58 - 2015-04-23 17:58 - 00348381 _____ () C:\Users\Kim\Downloads\tdl-detector.zip
2015-04-23 17:54 - 2015-04-23 17:54 - 00688992 _____ (Swearware) C:\Users\Kim\Downloads\dds.scr
2015-04-23 17:54 - 2015-04-23 17:54 - 00050477 _____ () C:\Users\Kim\Downloads\Defogger.exe
2015-04-23 17:51 - 2015-04-23 18:39 - 00000000 ____D () C:\Users\Kim\Desktop\mbar
2015-04-23 17:51 - 2015-04-23 17:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kim\Downloads\mbar-1.09.1.1004.exe
2015-04-23 15:07 - 2015-04-23 15:07 - 00098330 _____ () C:\Users\Kim\Documents\2015 april.reg
2015-04-23 10:49 - 2015-04-23 17:51 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-23 10:49 - 2015-04-23 17:30 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 10:49 - 2015-04-23 10:49 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-23 10:49 - 2015-04-23 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-23 10:49 - 2015-04-23 10:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 10:49 - 2015-04-23 10:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-23 10:49 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-23 10:49 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-23 10:48 - 2015-04-23 10:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Kim\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-23 10:41 - 2015-04-23 17:07 - 00000000 ____D () C:\Users\Kim\AppData\Local\CrashDumps
2015-04-23 10:35 - 2015-04-23 10:35 - 04318672 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kim\Downloads\UsbFix_7.927.exe
2015-04-23 10:32 - 2015-04-23 11:17 - 00000000 ____D () C:\UsbFix
2015-04-23 10:31 - 2015-04-23 10:32 - 04312488 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kim\Downloads\UsbFix.exe
2015-04-23 10:29 - 2015-04-23 10:33 - 18880096 _____ (Adlice Software ) C:\Users\Kim\Downloads\setup.exe
2015-04-23 09:50 - 2015-04-23 16:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-23 09:50 - 2015-04-23 10:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-23 09:45 - 2015-04-23 09:48 - 16884312 _____ () C:\Users\Kim\Downloads\RogueKiller.exe
2015-04-23 09:18 - 2015-04-23 17:22 - 00284275 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 17:00 - 2015-04-20 17:00 - 00022176 _____ () C:\Users\Kim\Downloads\business_plan.odt
2015-04-20 17:00 - 2015-04-20 17:00 - 00002709 _____ () C:\Users\Kim\Downloads\spreadsheets(2).zip
2015-04-20 16:41 - 2015-04-20 16:41 - 00002712 _____ () C:\Users\Kim\Downloads\spreadsheets(1).zip
2015-04-20 16:00 - 2015-04-20 16:00 - 00002741 _____ () C:\Users\Kim\Downloads\spreadsheets.zip
2015-04-20 12:52 - 2015-04-20 12:52 - 00025600 _____ () C:\Users\Kim\Downloads\Cash-Flow.xls
2015-04-20 12:52 - 2015-04-20 12:52 - 00023040 _____ () C:\Users\Kim\Downloads\Balance-Sheet.xls
2015-04-20 12:52 - 2015-04-20 12:52 - 00022016 _____ () C:\Users\Kim\Downloads\Income-Statement.xls
2015-04-20 08:48 - 2015-04-20 08:48 - 00003184 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag4_Startup
2015-04-20 08:48 - 2015-04-20 08:48 - 00003182 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag4_Update
2015-04-20 08:48 - 2015-04-20 08:48 - 00001150 _____ () C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-04-20 08:48 - 2015-04-20 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-04-20 08:48 - 2015-04-20 08:48 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-20 08:48 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2015-04-20 08:46 - 2015-04-20 08:46 - 07428536 _____ (IObit ) C:\Users\Kim\Downloads\smart-defrag-setup.exe
2015-04-18 22:20 - 2015-04-18 22:20 - 00025544 _____ () C:\Users\Kim\Downloads\Book%202.xlsx
2015-04-18 20:57 - 2015-04-18 20:57 - 00020379 _____ () C:\Users\Kim\Downloads\Book%201.xlsx
2015-04-18 18:42 - 2015-04-18 20:50 - 00019199 _____ () C:\Users\Kim\Downloads\Book.xlsx
2015-04-17 09:15 - 2015-04-17 09:15 - 00040936 _____ () C:\Users\Kim\Downloads\(500127663) Youngblood - Payments 1 - received 4-16-15.xlsx
2015-04-15 12:48 - 2015-04-20 17:03 - 00000430 _____ () C:\WINDOWS\Tasks\GlaryOneClickOptimizer 5.job
2015-04-15 12:48 - 2015-04-15 12:48 - 00003210 _____ () C:\WINDOWS\System32\Tasks\GlaryOneClickOptimizer 5
2015-04-15 12:22 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-15 12:22 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-15 12:22 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-15 12:22 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-14 20:23 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 20:23 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 20:23 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 20:23 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 20:23 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 20:23 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 20:23 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 20:23 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 20:23 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 20:23 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 20:23 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 20:23 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 20:23 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 20:23 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 20:23 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 20:23 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 20:23 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 20:23 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 20:23 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 20:23 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 20:23 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 20:23 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 20:23 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 20:23 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 20:23 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 20:23 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 20:23 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 20:23 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 20:23 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 20:23 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 20:23 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 20:23 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 20:23 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 20:23 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 20:23 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 20:23 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 20:23 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 20:23 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 20:23 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 20:23 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 20:23 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 20:23 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 20:23 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 20:23 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 20:23 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 20:23 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 20:23 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 20:23 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 20:23 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 20:23 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 20:23 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 20:23 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 20:23 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 20:23 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 20:23 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 20:23 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 20:23 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 20:23 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 20:23 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 20:23 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 20:23 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 20:23 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 20:23 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 20:23 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 20:23 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 09:51 - 2015-04-14 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-09 11:53 - 2015-04-09 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 17:52 - 2015-04-08 17:57 - 40896120 _____ () C:\Users\Kim\Downloads\Mozilla_Firefox_v37.0.exe
2015-04-07 10:12 - 2015-04-07 10:12 - 00000000 ____D () C:\Users\Kim\AppData\Local\{E766A644-C0C5-47F3-A8A7-E70067FC6F22}
2015-04-06 20:07 - 2015-04-06 20:07 - 00000000 ____D () C:\Users\Kim\AppData\Local\{D598292D-636D-4F5B-B976-090D6CA17524}
2015-04-05 14:27 - 2015-04-05 14:45 - 57828984 _____ () C:\Users\Kim\Downloads\calibre-portable-installer-2.23.0.exe
2015-04-04 19:46 - 2015-04-04 19:49 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 19:46 - 2015-04-04 19:46 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-02 20:47 - 2015-04-02 20:47 - 00000000 ____D () C:\Users\Kim\AppData\Local\{C056AFA8-44BE-4590-8E3F-7FFCE0DADB81}
2015-04-01 14:27 - 2015-04-01 14:30 - 00000400 _____ () C:\InstallHelper.log
2015-04-01 14:26 - 2015-04-01 14:26 - 00002021 _____ () C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2015-04-01 14:26 - 2015-04-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2015-04-01 14:26 - 2015-04-01 14:26 - 00000000 ____D () C:\ProgramData\eBay
2015-04-01 14:26 - 2015-04-01 14:26 - 00000000 ____D () C:\Program Files (x86)\eBay
2015-04-01 11:08 - 2015-04-01 11:11 - 33486880 _____ (eBay Inc. ) C:\Users\Kim\Downloads\setupUS.exe
2015-03-31 14:53 - 2015-04-05 20:34 - 00000000 ____D () C:\Users\Kim\Downloads\PopcornTime
2015-03-30 18:33 - 2015-03-30 18:33 - 00000000 ____D () C:\Users\Kim\AppData\Local\{27A27A88-3B40-4D2A-9988-091230C93194}
2015-03-30 11:03 - 2015-03-30 11:03 - 00000000 ____D () C:\Users\Kim\AppData\Local\TechSmith
2015-03-30 11:02 - 2015-04-01 09:50 - 00000000 ____D () C:\Users\Kim\228002049E5345C7B6F35BB0F1C1A147.TMP
2015-03-30 11:02 - 2015-03-30 11:02 - 06692840 _____ () C:\Users\Kim\Downloads\jing.exe
2015-03-29 17:19 - 2015-03-29 17:19 - 12220448 _____ (Telegram Messenger LLP ) C:\Users\Kim\Downloads\tsetup.0.8.0.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-23 23:12 - 2015-01-01 21:05 - 04220416 ___SH () C:\Users\Kim\Downloads\Thumbs.db
2015-04-23 23:12 - 2012-08-10 19:45 - 00000838 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-04-23 23:10 - 2014-12-04 13:36 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AD262271-09D9-4804-AAFE-5DB095F19793}
2015-04-23 23:09 - 2012-09-25 02:35 - 00004524 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-04-23 23:09 - 2012-09-25 02:35 - 00000061 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-04-23 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-23 22:42 - 2014-12-04 17:27 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 22:42 - 2014-12-04 17:27 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 22:32 - 2014-12-04 17:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-23 21:59 - 2014-12-04 17:24 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\ClassicShell
2015-04-23 19:09 - 2014-12-04 13:43 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2957821300-2947077752-1965256310-1001
2015-04-23 17:13 - 2014-12-04 13:33 - 00000000 ____D () C:\Users\Kim\AppData\Local\Packages
2015-04-23 17:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-23 16:58 - 2014-12-08 16:07 - 00000000 ____D () C:\Users\Kim\OneDrive
2015-04-23 16:56 - 2014-12-07 15:23 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-04-23 16:54 - 2014-12-06 23:04 - 00000350 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-04-23 16:54 - 2014-12-06 23:04 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-04-23 16:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\security
2015-04-23 16:52 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-23 16:51 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-23 10:43 - 2014-12-04 14:27 - 00000000 ____D () C:\Program Files\pia_manager
2015-04-23 10:09 - 2014-12-06 23:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-22 20:16 - 2014-12-29 21:16 - 00003156 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForKim
2015-04-22 20:16 - 2014-12-29 21:16 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForKim.job
2015-04-21 21:34 - 2014-12-07 12:51 - 00000000 ____D () C:\Users\Kim\Documents\ScanSnap
2015-04-21 21:16 - 2014-12-04 22:33 - 00000000 ____D () C:\ProgramData\Syscon
2015-04-21 08:47 - 2014-09-24 02:15 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-20 10:04 - 2014-12-04 19:14 - 00000246 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2015-04-20 08:49 - 2014-12-08 15:12 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-20 08:47 - 2014-12-06 23:19 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\IObit
2015-04-20 08:43 - 2014-12-06 23:19 - 00000000 ____D () C:\ProgramData\IObit
2015-04-20 08:36 - 2014-12-10 11:09 - 00002392 _____ () C:\Users\Kim\Documents\CheckDiskReport.txt
2015-04-19 09:32 - 2014-12-10 18:46 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-04-15 19:45 - 2014-12-04 17:27 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 16:18 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 09:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 09:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 21:11 - 2014-12-07 14:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-14 21:11 - 2014-12-07 14:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 21:10 - 2014-12-06 18:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 20:58 - 2014-12-06 18:23 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 20:51 - 2012-07-26 00:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-04-14 20:39 - 2014-12-10 20:06 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 20:39 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 09:51 - 2014-12-04 17:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:51 - 2014-12-04 17:25 - 00000000 ____D () C:\Users\Kim\AppData\Local\Adobe
2015-04-13 18:24 - 2014-09-24 04:55 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2014-09-24 04:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 14:51 - 2014-12-04 17:54 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\tixati
2015-04-13 12:09 - 2014-12-04 17:56 - 00000000 ____D () C:\Users\Kim\Desktop\Tixati
2015-04-13 08:32 - 2014-12-04 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 14:08 - 2014-12-04 17:47 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\MediaMonkey
2015-04-08 18:06 - 2014-12-04 13:45 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 18:06 - 2014-12-04 13:45 - 00001123 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 14:41 - 2015-01-31 22:35 - 00000000 ____D () C:\Users\Kim\Downloads\Pics and Gifs
2015-04-07 19:01 - 2014-12-07 13:20 - 00000000 ____D () C:\Users\Kim\Desktop\Personal Files
2015-04-02 21:25 - 2014-12-13 22:45 - 00000698 _____ () C:\Users\Kim\AppData\Roaming\burnaware.ini
2015-04-02 08:47 - 2014-12-07 12:57 - 00000000 ____D () C:\Users\Kim\Documents\Dons stuff
2015-04-01 10:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-01 10:18 - 2014-12-06 23:04 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\GlarySoft
2015-04-01 09:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-04-01 09:54 - 2014-12-08 15:29 - 00000000 ____D () C:\Users\Kim
2015-04-01 09:51 - 2015-01-13 08:57 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\QFX Software
2015-04-01 09:51 - 2014-12-08 22:25 - 00000000 ____D () C:\Users\Question
2015-04-01 09:50 - 2015-02-18 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-01 09:50 - 2015-01-13 08:57 - 00000000 ____D () C:\ProgramData\QFX Software
2015-04-01 09:50 - 2014-12-04 17:16 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-04-01 09:50 - 2014-12-04 13:36 - 00000000 ____D () C:\Users\Kim\AppData\Local\bluesoleil
2015-04-01 09:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-26 15:23 - 2015-01-31 22:34 - 00000000 ____D () C:\Users\Kim\Downloads\PDF Docs
2015-03-24 14:02 - 2014-12-07 14:31 - 00000000 ____D () C:\Users\Kim\AppData\Local\Microsoft Help
==================== Files in the root of some directories =======
2014-12-13 22:45 - 2015-04-02 21:25 - 0000698 _____ () C:\Users\Kim\AppData\Roaming\burnaware.ini
2014-12-07 14:05 - 2014-12-07 16:21 - 0000115 _____ () C:\Users\Kim\AppData\Roaming\LogFile.txt
2014-12-04 20:50 - 2014-12-04 20:50 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Kim\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kim\AppData\Local\Temp\gusetup2.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-23 19:09
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Kim at 2015-04-23 23:16:19
Running from C:\Users\Kim\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2957821300-2947077752-1965256310-500 - Administrator - Disabled)
Guest (S-1-5-21-2957821300-2947077752-1965256310-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2957821300-2947077752-1965256310-1003 - Limited - Enabled)
Kim (S-1-5-21-2957821300-2947077752-1965256310-1001 - Administrator - Enabled) => C:\Users\Kim
Question (S-1-5-21-2957821300-2947077752-1965256310-1004 - Limited - Enabled) => C:\Users\Question
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader for ScanSnap 4.1 (HKLM-x32\...\{FB410000-0001-0000-0000-074957833700}) (Version: 8.02.449.72515 - ABBYY)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Amazon Cloud Drive (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Amazon Cloud Drive) (Version: 2.2.4.6 - Amazon Digital Services, LLC.)
Amazon Music (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
APRWIN 6.2 (HKLM-x32\...\{BE522F3B-76D9-445D-BDD7-4969B77E5412}) (Version: 6.20.0000 - Comptroller of the Currency)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Professional 7.1 Retail (HKLM-x32\...\BurnAware Professional_is1) (Version: - Burnaware)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L20 - PFU)
CardMinder V4.1 (x32 Version: 4.1.20.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1601.0 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.5.2567 - Evernote Corp.)
Foxit PhantomPDF Business (HKLM-x32\...\{8A601904-4113-40FE-9DCC-7A38CE1A8032}) (Version: 7.0.6.1126 - Foxit Software Inc.)
Freenet version 0.7.5 build 1467 (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\{3196C62F-9C7B-4392-88B4-05C037D05518}_is1) (Version: 0.7.5 build 1467 - freenetproject.org)
Glary Utilities PRO 5.18 (HKLM-x32\...\Glary Utilities 5) (Version: 5.18.0.31 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiDownloadPlatinum (HKLM-x32\...\HiDownload Platinum_is1) (Version: - )
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
Magic DVD Copier V9.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.)
Magic DVD Ripper V9.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Collector (HKLM-x32\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Plague Inc Evolved v0.8 (Include Scenario Maker) (HKLM-x32\...\Plague Inc Evolved v0.8 (Include Scenario Maker)0.8) (Version: 0.8 - Friends in War)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2 - Popcorn Time)
Portrait Professional Studio 10.9 (HKLM-x32\...\Portrait Professional Studio 10 PREACTIVATED by .:sHaRe:._is1) (Version: 10.9 - )
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Scan to Microsoft SharePoint (HKLM-x32\...\{360824C5-ECEC-4A5D-8032-1A365962912C}) (Version: 3.4.0 - KnowledgeLake)
ScanSnap (x32 Version: 5.1.20.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L20 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L20 - PFU)
ScanSnap Organizer (x32 Version: 4.1.20.12 - PFU LIMITED) Hidden
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spotify (HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
Stamps.com (x32 Version: 12.1.1.2876 - Stamps.com, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
The Logo Creator v6 6.0 (HKLM-x32\...\The Logo Creator v6) (Version: 6.0 - Laughingbird Software)
Tixati (HKLM-x32\...\tixati) (Version: - )
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version: - )
UnHackMe 7.72 beta (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Unseen App version 0.2.5 (HKLM-x32\...\{5C349BCB-70DB-46DE-8E0E-F07A2B1C0B91}_is1) (Version: 0.2.5 - Unseen, ehf.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2957821300-2947077752-1965256310-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
04-04-2015 19:44:31 Windows Update
12-04-2015 14:25:19 Scheduled Checkpoint
15-04-2015 16:17:44 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D213C6E-0731-42E7-91B0-76CFA1CAAC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {15E58AFF-CBC0-43C5-9907-55EDD3B4BA95} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {237D8813-0733-4E17-8D91-0B49273F83DB} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-03-31] (IObit)
Task: {242DA7D5-3099-4635-8E30-53D263DFCCF8} - System32\Tasks\DeviceDetector7 => C:\Program Files (x86)\CyberLink\MediaEspresso7\DeviceDetector\DeviceDetector7.exe [2014-06-16] (CyberLink)
Task: {27CDA547-DCE4-4E7E-A187-A5D0EA6CB180} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {2FE7BF52-1D8C-42E9-BD28-2235225F13EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {43949F4D-6A59-4FBD-8AFF-0282D0E76808} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {4492EA04-D5B2-4FB5-802C-EACA3E9278CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {4A64B4A4-741B-4119-B787-4D11375B78E5} - System32\Tasks\HPCeeScheduleForKim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4E75CD3A-BF26-4323-8B9E-CA870E127DD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {518B3B26-5F87-452A-AD8D-0D963A279C67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {545C2DC8-4432-44A2-B3FC-6479908B9AB3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6304D6D1-5028-4821-B183-87F7F6FCB9C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3982M8ZZ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {64E15611-B681-4ABF-A15E-16C49067E6A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {67E2B585-AF97-4324-8585-4BDE22280482} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {6803355F-647C-4B04-8A30-04ED1EA8F3D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {88379453-E9C9-4F9C-A52D-B6797F4B5456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {97CC5307-BEAD-4C86-A7D7-167C1F91FD68} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {98D6E5A6-247E-4673-AFC0-2502ED9FFD7F} - System32\Tasks\Amazon Music Helper => C:\Users\Kim\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-12-08] ()
Task: {9CD0DF83-9D8B-471E-B033-B1D66E089127} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-02-01] (Glarysoft Ltd)
Task: {A2434B76-E64C-49BE-BDCD-0CA2D9B950A8} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-02-01] (Glarysoft Ltd)
Task: {A6CA50C7-D505-44A6-BC46-D06B6F2DEAAA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-07] ()
Task: {BBE5FB16-B38F-4710-A1BA-AC02AAB40055} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C4E5C3C4-C42A-45C3-9D5B-DFEF29A19335} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C778AA5D-740A-4D7B-9C6B-A9C0A4BD05CB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CA36ACF3-9082-4D5F-BE05-CDB46A3270C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {CE824E27-A661-4AC0-9CD3-C6FF421AA856} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2015-04-22] (Greatis Software)
Task: {CFC4563F-823E-44C5-BB62-5D2F8FBE2499} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-02-01] (Glarysoft Ltd)
Task: {D5E7C13A-0D2C-47EB-A2A3-1121B65B5C89} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EE812BFB-65F4-45AB-B3DA-112E413010FD} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-04-23] ()
Task: {F09846BC-7455-4CA9-93FE-8EA1E23E080A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-12-10] (Synaptics Incorporated)
Task: {F636FB7B-EC35-4D96-A159-FB6C6E96628C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FE351826-1017-43E2-9FC2-40F025AF451E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GlaryOneClickOptimizer 5.job => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) ==============
2012-09-25 02:59 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-10 20:11 - 2012-07-10 20:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2014-12-04 14:27 - 2015-04-23 10:42 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2013-12-19 11:36 - 2014-12-06 22:42 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2014-12-04 14:27 - 2015-04-23 10:43 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-20 08:48 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-07-10 20:14 - 2012-07-10 20:14 - 00072192 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-07-27 16:51 - 2012-07-27 16:51 - 00346112 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-09-25 02:25 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00012800 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009728 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00014848 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-04-23 16:53 - 2015-04-23 16:53 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\src\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009216 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00126976 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00087552 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00016384 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-04-23 16:54 - 2015-04-23 16:54 - 00127316 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\libffi-6.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00013312 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00095744 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00026624 _____ () C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00012800 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009728 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00014848 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\src\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00094208 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00118784 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00069120 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00083968 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\zlib1.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00026624 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00275968 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00015360 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008192 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00009216 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00023552 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00008704 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00036352 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00126976 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00087552 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00016384 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00127316 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\libffi-6.dll
2015-04-23 16:55 - 2015-04-23 16:55 - 00013312 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00095744 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-04-23 16:55 - 2015-04-23 16:55 - 00026624 _____ () C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-12-04 14:27 - 2015-04-23 10:42 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-12-04 14:27 - 2015-04-23 10:43 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-12-04 14:27 - 2015-04-23 10:42 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-04-22 21:20 - 2015-04-22 21:20 - 01056312 _____ () C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\lhn02apx.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2012-08-10 12:55 - 2012-08-10 12:55 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 19:28 - 2012-05-02 19:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Kim\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Question\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim\Pictures\Backgrounds Wallpapers HD\20243.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G9"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2957821300-2947077752-1965256310-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== Faulty Device Manager Devices =============
Name: HK Onyx Studio Stereo
Description: Bluetooth Stereo
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2DP
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
Name: HK Onyx Studio Audio/Video Remote Control HID
Description: Bluetooth Audio/Video Remote Control HID
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: BthAvrcpTg
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/23/2015 05:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0xebc
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
Error: (04/23/2015 04:52:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x7fc
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
Error: (04/23/2015 00:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDRulesEngine.exe, version: 1.6.4.2, time stamp: 0x505a960f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x2084
Faulting application start time: 0xWDRulesEngine.exe0
Faulting application path: WDRulesEngine.exe1
Faulting module path: WDRulesEngine.exe2
Report Id: WDRulesEngine.exe3
Faulting package full name: WDRulesEngine.exe4
Faulting package-relative application ID: WDRulesEngine.exe5
Error: (04/23/2015 00:43:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
at System.Data.SQLite.SQLiteConnection.CheckDisposed()
at System.Data.SQLite.SQLiteConnection.get_State()
at BackupRulesDB.Close()
at BackupRulesDB.Dispose(Boolean)
at BackupRulesDB.Finalize()
Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6545ca20
Faulting process id: 0xe90
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5
Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x00725ce0
Faulting process id: 0xe90
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5
Error: (04/23/2015 10:41:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6545ca20
Faulting process id: 0x5ec
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5
Error: (04/23/2015 10:41:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_17_0_0_169.exe, version: 17.0.0.169, time stamp: 0x5529da64
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x01005ce0
Faulting process id: 0x5ec
Faulting application start time: 0xFlashPlayerPlugin_17_0_0_169.exe0
Faulting application path: FlashPlayerPlugin_17_0_0_169.exe1
Faulting module path: FlashPlayerPlugin_17_0_0_169.exe2
Report Id: FlashPlayerPlugin_17_0_0_169.exe3
Faulting package full name: FlashPlayerPlugin_17_0_0_169.exe4
Faulting package-relative application ID: FlashPlayerPlugin_17_0_0_169.exe5
Error: (04/23/2015 09:24:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (04/23/2015 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x91c
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
System errors:
=============
Error: (04/23/2015 10:30:35 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.
Error: (04/23/2015 10:30:14 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (04/23/2015 10:26:12 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.
Error: (04/23/2015 10:25:51 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (04/23/2015 09:22:44 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.
Error: (04/23/2015 09:22:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (04/23/2015 09:04:59 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.
Error: (04/23/2015 09:04:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (04/23/2015 09:03:58 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.
Error: (04/23/2015 09:03:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Microsoft Office Sessions:
=========================
Error: (04/23/2015 05:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.709.05019fa79tl_filter.dll0.0.0.050247825c00000940000d53debc01d07e1737f3a94eC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll7be01411-ea0a-11e4-be9e-689423941040
Error: (04/23/2015 04:52:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.709.05019fa79tl_filter.dll0.0.0.050247825c00000940000d53d7fc01d07e0fd68f44f8C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll1a74a26d-ea03-11e4-be9e-689423941040
Error: (04/23/2015 00:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDRulesEngine.exe1.6.4.2505a960fKERNELBASE.dll6.3.9600.1741554504adee043435200014598208401d07ddbeb1f732fC:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll3a845718-e9e0-11e4-be9d-689423941040
Error: (04/23/2015 00:43:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
at System.Data.SQLite.SQLiteConnection.CheckDisposed()
at System.Data.SQLite.SQLiteConnection.get_State()
at BackupRulesDB.Close()
at BackupRulesDB.Dispose(Boolean)
at BackupRulesDB.Finalize()
Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00000056545ca20e9001d07ddc101d630bC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown4e06ea29-e9cf-11e4-be9d-689423941040
Error: (04/23/2015 10:42:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00001a500725ce0e9001d07ddc101d630bC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown4dd8cd7b-e9cf-11e4-be9d-689423941040
Error: (04/23/2015 10:41:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00000056545ca205ec01d07ddbf4ee1deaC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown3443116f-e9cf-11e4-be9d-689423941040
Error: (04/23/2015 10:41:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c00001a501005ce05ec01d07ddbf4ee1deaC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown32ab5a5b-e9cf-11e4-be9d-689423941040
Error: (04/23/2015 09:24:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Kim\Downloads\Programs\SoftonicDownloader_for_photoscape.exe
Error: (04/23/2015 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.709.05019fa79tl_filter.dll0.0.0.050247825c00000940000d53d91c01d07dd09f86d095C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dlle123fe2e-e9c3-11e4-be9d-689423941040
CodeIntegrity Errors:
===================================
Date: 2014-12-10 17:48:19.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 17:10:29.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:55:30.512
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:47:25.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:36:55.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:28:43.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:28:39.160
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:28:07.342
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:27:30.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 15:27:30.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 6036.27 MB
Available physical RAM: 2401.14 MB
Total Pagefile: 12180.27 MB
Available Pagefile: 8253.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:671.78 GB) (Free:564.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.65 GB) (Free:3.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:785.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4C7F4374)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version:
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Insyde
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion g7 Notebook PC
Logical Drives Mask: 0x000000dc
Kernel Drivers (total 205):
Processes (total 96):
0 System Idle Process
4 System
992 C:\Windows\System32\smss.exe
704 csrss.exe
772 C:\Windows\System32\wininit.exe
872 csrss.exe
916 C:\Windows\System32\services.exe
924 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\winlogon.exe
624 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
1112 dwm.exe
1192 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\igfxCUIService.exe
1356 C:\Windows\System32\svchost.exe
1396 C:\Program Files\IDT\WDM\stacsv64.exe
1572 C:\Windows\System32\hpservice.exe
1624 C:\Windows\System32\svchost.exe
1836 C:\Windows\System32\spoolsv.exe
1880 C:\Windows\System32\svchost.exe
1848 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
1924 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1968 C:\Windows\System32\svchost.exe
1708 C:\Program Files\Bonjour\mDNSResponder.exe
2068 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2088 dasHost.exe
2120 C:\Program Files\Intel\iCLS Client\HeciServer.exe
2144 C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
2172 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
2336 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
2356 C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
2368 C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
2396 C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
2472 C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
2544 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2568 C:\Windows\System32\svchost.exe
2628 C:\Program Files (x86)\Popcorn Time\Updater.exe
2676 C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
3048 WmiPrvSE.exe
3620 C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
3864 C:\Windows\System32\svchost.exe
3948 C:\Windows\System32\svchost.exe
3552 C:\Windows\System32\svchost.exe
3640 WmiPrvSE.exe
4808 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
4956 dllhost.exe
3656 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3500 C:\Windows\explorer.exe
4988 C:\Windows\System32\igfxEM.exe
4304 C:\Windows\System32\igfxHK.exe
4712 C:\Windows\System32\igfxTray.exe
4540 C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
1412 C:\Windows\System32\taskhostex.exe
4928 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4204 C:\Program Files\pia_manager\pia_manager.exe
5876 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5092 C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
6052 C:\Program Files\Classic Shell\ClassicStartMenu.exe
6128 C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
5504 C:\Windows\System32\SearchIndexer.exe
5544 C:\Windows\System32\SkyDrive.exe
5932 C:\Program Files\IDT\WDM\sttray64.exe
3512 C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
2936 C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
2528 C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
4312 C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
3876 C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
3168 C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
4972 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
4608 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
1068 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
5536 C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
3324 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
5604 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
5624 C:\Program Files\Windows Media Player\wmpnetwk.exe
4044 C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe
5144 C:\Program Files\pia_manager\pia_manager.exe
1844 C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe
3872 C:\Program Files\pia_manager\pia_tray\pia_tray.exe
5552 C:\Windows\System32\SettingSyncHost.exe
6728 C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
3696 C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
3356 C:\Program Files\CCleaner\CCleaner64.exe
4032 C:\Windows\System32\wbem\unsecapp.exe
4016 C:\Program Files (x86)\UnHackMe\hackmon.exe
3160 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
6332 C:\Windows\System32\taskhost.exe
6464 C:\Program Files\pia_manager\openvpn.exe
5968 C:\Windows\splwow64.exe
4176 C:\Windows\System32\SearchProtocolHost.exe
5908 C:\Windows\System32\SearchFilterHost.exe
7888 C:\Users\Kim\Downloads\MBRCheck.exe
7396 C:\Windows\System32\conhost.exe
208 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`31500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000a8`3f500000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS547575A9E384, Rev: JE4OA50A
PhysicalDrive1 Model Number: WDMy Passport 0748, Rev: 1019
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
1862 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-23 22:24:06
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 Hitachi_HTS547575A9E384 rev.JE4OA50A 698.64GB
Running: ufc5mom1.exe; Driver: C:\Users\Kim\AppData\Local\Temp\ufdyafow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000171a00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17 fffff96000171a11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]
---- User code sections - GMER 2.1 ----
? C:\Windows\SYSTEM32\BsHelpCSps.dll [2936] entry point in ".data" section 0000000002f25055
.text C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe[3168] C:\WINDOWS\system32\IMM32.DLL!ImmProcessKey 00007ffc34355060 14 bytes {JMP QWORD [RIP+0x0]}
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [872:896] fffff960009222d0
Thread C:\WINDOWS\Explorer.EXE [3500:3560] 00007ffc29329970
Thread C:\WINDOWS\Explorer.EXE [3500:3140] 0000000066018d2c
Thread C:\WINDOWS\Explorer.EXE [3500:4424] 00007ffc2932e630
Thread C:\WINDOWS\Explorer.EXE [3500:908] 0000000065509300
Thread C:\WINDOWS\Explorer.EXE [3500:6916] 00007ffc26391120
Thread C:\WINDOWS\Explorer.EXE [3500:6312] 00007ffc29e5ab50
Thread C:\WINDOWS\Explorer.EXE [3500:3352] 00007ffc2970cb00
Thread C:\Windows\System32\SettingSyncHost.exe [5552:6572] 00007ffc24937090
---- Processes - GMER 2.1 ----
Process C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044] (Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:53:33) 0000000000400000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044] (Ruby interpreter (DLL) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:53:40) 0000000062d00000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:01) 0000000071280000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:01) 0000000070600000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:01) 000000006dd40000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:53:30) 0000000010000000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:11) 0000000065000000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06) 00000000005b0000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:12) 000000006ab80000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:12) 000000006c280000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:12) 0000000070a40000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\libffi-6.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:54:34) 000000006b740000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06) 0000000065480000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06) 000000006d400000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:06) 00000000628c0000
Library C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr3DA0.tmp\bin\rubyw.exe [4044](2015-04-23 21:55:17) 0000000066940000
Process C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:55:26) 0000000000400000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (Ruby interpreter (DLL) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2015-04-2321:55:26) 0000000062d00000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27) 0000000071280000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27) 0000000070600000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27) 000000006dd40000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:26) 0000000010000000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28) 00000000003d0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28) 000000006e600000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29) 000000006a400000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\zlib1.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:26) 00000000025f0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29) 0000000065080000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29) 00000000671c0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\LIBEAY32.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2015-04-2321:55:26) 0000000063000000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\SSLEAY32.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2015-04-2321:55:27) 000000006e400000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29) 0000000068000000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:29) 000000006a1c0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 0000000065000000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 000000006fac0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 0000000070f40000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28) 0000000065480000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 000000006ffc0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 000000006d100000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 000000006adc0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 000000006ab80000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 000000006c280000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 0000000070a40000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\libffi-6.dll (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:27) 000000006b740000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28) 000000006d400000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:28) 00000000628c0000
Library C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so (*** suspicious ***) @ C:\Users\Kim\AppData\Local\Temp\ocr1907.tmp\bin\rubyw.exe [1844](2015-04-23 21:55:31) 0000000066940000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Edited by questionall4000, 23 April 2015 - 10:38 PM.