TechSpot

Possible Malware? Cursor jumping around + internet pop ups

By David9173
May 6, 2015
  1. Hi,

    I'm having some issues with my laptop, hoping someone has some help - my cursor is jumping around all over the place on the screen... when I move the cursor it might end up at the bottom or top of the screen randomly... also getting loads of pop ups on the internet which is annoying - don't know how I got here or what to do... if someone can help I'd be more than grateful!

    Thanks,

    David.
     
  2. David9173 (TS Rookie, Topic Starter)

    I have tried to run a Farbar scan; however, Windows blocks the application every time I try to run it.

    My laptop is a HP ENVY TS 17 NOTEBOOK
    Running on Windows 8 (64bit)
    Intel Core i7
     
  3. David9173 (TS Rookie, Topic Starter)

    I would also like to add that I am getting phantom touches on the touch screen element of my laptop - the screen will scroll up and down randomly and the touch screen will register touches when I haven't made any? Really weird... Laptop is only a few months old.
     
  4. David9173 (TS Rookie, Topic Starter)

    Sorry - I have now managed to download and run Farbar.

    Here are the logs:

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
    Ran by DSJ (administrator) on ENVY on 06-05-2015 23:24:58
    Running from C:\Users\DSJ\Downloads
    Loaded Profiles: UpdatusUser & DSJ (Available profiles: UpdatusUser & DSJ)
    Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
    () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
    (VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (http://www.ruby-lang.org/) C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (http://www.ruby-lang.org/) C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Farbar) C:\Users\DSJ\Downloads\FRST64(2).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-02] (Synaptics Incorporated)
    HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70328 2014-11-20] ()
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-25]
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: [S-1-5-21-1397891646-1993758957-1736882376-1001] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM -> {F5F2D0FB-3660-433C-B9AC-A294CCA5D0AB} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {F5F2D0FB-3660-433C-B9AC-A294CCA5D0AB} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1397891646-1993758957-1736882376-1002 -> {F5F2D0FB-3660-433C-B9AC-A294CCA5D0AB} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\DSJ\AppData\Roaming\Mozilla\Firefox\Profiles\igo2ejxn.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-03] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
    R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [225976 2014-11-20] ()
    R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [3649720 2014-11-20] ()
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-12-16] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
    R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
    R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1979608 2014-11-18] (VMware, Inc.)
    R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [228024 2014-11-21] (VMware)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
    R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-12-01] (VMware, Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-29] (Broadcom Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-06] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
    S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-06 23:18 - 2015-05-06 23:19 - 00048023 _____ () C:\Users\DSJ\Downloads\Addition.txt
    2015-05-06 23:16 - 2015-05-06 23:25 - 00016647 _____ () C:\Users\DSJ\Downloads\FRST.txt
    2015-05-06 23:16 - 2015-05-06 23:25 - 00000000 ____D () C:\FRST
    2015-05-06 23:15 - 2015-05-06 23:15 - 02102272 _____ (Farbar) C:\Users\DSJ\Downloads\FRST64(2).exe
    2015-05-06 22:26 - 2015-05-06 22:26 - 00000000 ____D () C:\Program Files (x86)\Hp
    2015-05-06 22:24 - 2015-05-06 22:24 - 05197824 _____ () C:\Users\DSJ\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
    2015-05-06 22:15 - 2015-05-06 22:16 - 00000000 ____D () C:\Users\DSJ\Downloads\Instrumentals
    2015-05-06 21:14 - 2015-05-06 21:14 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
    2015-05-06 21:12 - 2015-05-06 21:11 - 00169672 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
    2015-05-06 21:12 - 2015-05-06 21:11 - 00148024 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
    2015-05-06 21:06 - 2015-05-06 21:06 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2015-05-06 21:02 - 2015-05-06 21:02 - 00000000 ____D () C:\Users\DSJ\AppData\Roaming\QuickScan
    2015-05-06 20:59 - 2015-05-06 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
    2015-05-06 20:57 - 2015-05-06 20:57 - 00324416 _____ () C:\Users\DSJ\Downloads\BullGuardDownloaderAV.exe
    2015-05-06 19:49 - 2015-05-06 19:49 - 02102272 _____ (Farbar) C:\Users\DSJ\Downloads\FRST64(1).exe
    2015-05-06 19:39 - 2015-05-06 19:39 - 02102272 _____ (Farbar) C:\Users\DSJ\Downloads\FRST64.exe
    2015-05-06 15:03 - 2015-05-06 15:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\DSJ\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-06 11:17 - 2015-05-06 18:36 - 00000000 ____D () C:\Users\DSJ\Downloads\Three 6 Mafia - Hypnotize Minds Discography
    2015-05-06 11:15 - 2015-05-06 11:15 - 00000000 ____D () C:\Users\DSJ\Downloads\[Big Tits In Uniform] Yurizan Beltran [Tatas Under Siege][SD] [.mp4]
    2015-05-06 10:58 - 2015-05-06 11:01 - 00000000 ____D () C:\Users\DSJ\Downloads\Stoupe the Enemy of Mankind - The Decalogue
    2015-05-04 18:40 - 2015-05-04 20:19 - 00000000 ____D () C:\Users\DSJ\Downloads\Papoose - Cigar Society (Official Mixtape - 2014) - axiytuns
    2015-05-04 18:27 - 2015-05-04 21:34 - 00000000 ____D () C:\Users\DSJ\Downloads\Cypress Hill Discography @ 320 (14 Albums)(RAP)(by dragan09)
    2015-05-04 18:14 - 2015-05-05 23:52 - 00000000 ____D () C:\Users\DSJ\Downloads\Wu-Tang Clan Discography @ 320 (22 Albums)(RAP)(by dragan09)
    2015-05-04 18:12 - 2015-05-05 23:51 - 00000000 ____D () C:\Users\DSJ\Downloads\Ghostface Killah
    2015-05-04 10:16 - 2015-05-04 10:34 - 00000000 ____D () C:\Users\DSJ\Downloads\(CNN) Capone-N-Noreaga Discography @320 (5 Albums)(RAP)(by dragan09)
    2015-05-04 04:09 - 2015-05-04 04:10 - 00000000 ____D () C:\Users\DSJ\Downloads\[ www.Torrenting.com ] - Tin Men (1987)-DVDRIp-AC3-Xvid-THC
    2015-05-03 23:27 - 2015-05-04 08:01 - 00000000 ____D () C:\Users\DSJ\Downloads\Lanny_Barbie_Pack
    2015-05-03 23:02 - 2015-05-06 00:03 - 00000000 ____D () C:\Users\DSJ\Downloads\Rocco's World Feet Fetish
    2015-05-03 23:01 - 2015-05-03 23:51 - 00000000 ____D () C:\Users\DSJ\Downloads\*** Worship Full Collection (1-10)
    2015-05-03 22:22 - 2015-05-04 10:05 - 00000000 ____D () C:\Users\DSJ\Downloads\Salesman Sonata Premiere
    2015-05-02 01:41 - 2015-05-02 23:43 - 00000000 ____D () C:\Users\DSJ\Downloads\Various Artists - In The Mix (Rave Revival) 2007 only1joe FLAC-EAC
    2015-05-02 01:15 - 2015-05-04 10:07 - 00000000 ____D () C:\Users\DSJ\Downloads\Best Dance, Techno, Trance, Rave, Oldskool, Club Tunes, Themes & Anthems Collection Ever (by tonyx) (458 tunes)
    2015-05-02 01:07 - 2015-05-06 00:44 - 00000000 ____D () C:\Users\DSJ\Downloads\A.Good.Marriage.Stephen.King.2014.1080p.WEB-DL.H264.AAC.Mp4.Raven
    2015-05-02 01:05 - 2015-05-04 10:10 - 00000000 ____D () C:\Users\DSJ\Downloads\Breakbeat DJ Sets
    2015-05-02 00:17 - 2015-05-02 00:17 - 00000000 ____D () C:\Users\DSJ\Downloads\Underground Rave - 500 tracks!!!
    2015-05-02 00:08 - 2015-05-02 23:48 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Rave Now
    2015-04-30 23:51 - 2015-05-03 09:57 - 00000000 ____D () C:\Users\DSJ\Downloads\Pure Silk-The Home Of UK Garage 2cd mp3-320k m3u by The_Stig@Torrent Force
    2015-04-28 23:42 - 2015-05-06 22:33 - 00000000 ____D () C:\Users\DSJ\Downloads\Dubstep
    2015-04-26 21:26 - 2015-05-05 16:55 - 00000000 ____D () C:\Users\DSJ\Downloads\2022
    2015-04-26 12:55 - 2015-04-30 23:46 - 00000000 ____D () C:\Users\DSJ\Downloads\Best Chillstep Collection
    2015-04-26 12:43 - 2015-04-26 14:25 - 00000000 ____D () C:\Users\DSJ\Downloads\SteepMusic 50 - Dubstep Vol 29
    2015-04-25 23:41 - 2015-04-26 11:19 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 16 February 2014
    2015-04-25 23:38 - 2015-04-26 11:19 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 30 March 2015
    2015-04-25 21:01 - 2015-04-26 06:43 - 00000000 ____D () C:\Users\DSJ\Downloads\Simply Dubstep - April 2013
    2015-04-25 20:57 - 2015-04-25 22:34 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Super Dubstep Всех времён! (2014) МР3
    2015-04-25 10:15 - 2015-04-25 10:15 - 02515849 _____ (Skyshape Software ) C:\Users\DSJ\Downloads\mp3resizersetup.exe
    2015-04-24 18:30 - 2015-04-29 23:14 - 00000000 ____D () C:\Users\DSJ\Downloads\Can You Handle The Dubstep_
    2015-04-24 18:14 - 2015-04-25 17:14 - 00000000 ____D () C:\Users\DSJ\Downloads\DubStep 2012 Collection [GBR]
    2015-04-24 17:51 - 2015-04-24 20:28 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 18 April 2014
    2015-04-24 17:27 - 2015-04-24 20:35 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Dubstep EPs Vol. 83 by Geloso (07-2014)
    2015-04-24 17:23 - 2015-04-24 17:41 - 00000000 ____D () C:\Users\DSJ\Downloads\Dubstep Classics (2015)
    2015-04-24 17:22 - 2015-04-24 18:23 - 00000000 ____D () C:\Users\DSJ\Downloads\Dubstep_Deluxe_100_Top_Hits_2015
    2015-04-21 20:39 - 2015-04-21 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-21 07:18 - 2015-04-21 20:09 - 00000000 ____D () C:\Users\DSJ\Downloads\Reggae Dancehall Riddim Pack [Feb 2012]
    2015-04-20 19:14 - 2015-04-21 07:03 - 00000000 ____D () C:\Users\DSJ\Downloads\Jungle, ragga jungle and reggae mix
    2015-04-19 23:17 - 2015-04-21 20:20 - 00000000 ____D () C:\Users\DSJ\Downloads\Reggae Dancehall Riddim Pack [April 2012]
    2015-04-19 23:16 - 2015-04-20 19:13 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - 50 Bombes Ragga Dancehall (2013)[Mp3][www.lokotorrents.com]
    2015-04-19 23:02 - 2015-04-20 19:05 - 00000000 ____D () C:\Users\DSJ\Downloads\Various Artists - Ministry Of Sound - Essential Reggae
    2015-04-19 15:07 - 2015-04-19 17:28 - 00000000 ____D () C:\Users\DSJ\Downloads\VA--Drum_and_Bass_Arena_Anthology_2_(Unmixed_and_Mixed)-(DNBA009DD)-WEB-2012-OMA
    2015-04-19 14:57 - 2015-04-21 07:06 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Dubstep and Drum N Bass EPs Vol. 63 by Geloso (2014)
    2015-04-19 14:55 - 2015-04-19 14:55 - 00000000 ____D () C:\Users\DSJ\AppData\Local\MediaShow
    2015-04-19 14:51 - 2015-04-19 17:24 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass Gras v.3
    2015-04-19 14:49 - 2015-05-01 22:54 - 00000000 ____D () C:\Users\DSJ\Downloads\08 August
    2015-04-19 14:49 - 2015-04-19 16:01 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Hospitality Drum and Bass 2013
    2015-04-19 14:05 - 2015-04-19 14:53 - 00000000 ____D () C:\Users\DSJ\Downloads\DJ_SS_Presents_WODB_MIAMI_WODB_LP_2014
    2015-04-19 14:02 - 2015-04-19 15:23 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - X-Treme Drum 'n' Bass (2014) [deepstatus][h33t][1337x]
    2015-04-19 13:56 - 2015-04-19 14:53 - 00000000 ____D () C:\Users\DSJ\Downloads\(2014) Path Of The Warrior
    2015-04-19 13:55 - 2015-04-19 15:00 - 00000000 ____D () C:\Users\DSJ\Downloads\High Contrast - This Is Drum & Bass [2CD] (2009) v-boy
    2015-04-19 13:52 - 2015-04-30 23:58 - 00000000 ____D () C:\Users\DSJ\Downloads\Viper Presents Drum Bass Summer Slammers 2014-(VPRLP007)-WEB-2014
    2015-04-19 13:51 - 2015-04-19 15:00 - 00000000 ____D () C:\Users\DSJ\Downloads\VA-RAM Drum & Bass Annual 2015-(RAMMLPD9)-FLAC-WEB-2014
    2015-04-19 13:21 - 2015-04-19 18:28 - 00000000 ____D () C:\Users\DSJ\Downloads\Monstercat
    2015-04-19 13:13 - 2015-04-19 13:46 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum & Bass Heroes (2015)
    2015-04-19 13:11 - 2015-04-19 13:20 - 00000000 ____D () C:\Users\DSJ\Downloads\Spor - Caligo
    2015-04-18 02:24 - 2015-04-18 05:17 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.7-8
    2015-04-18 02:21 - 2015-04-18 12:42 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.11
    2015-04-18 01:37 - 2015-04-18 02:08 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.12-13
    2015-04-18 01:36 - 2015-04-19 11:18 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.14-16
    2015-04-18 01:35 - 2015-04-18 08:29 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum and Bass Pro V.33 from Kulemina (2014) MP3, 320 kbps
    2015-04-16 22:03 - 2015-04-19 14:54 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - RAMiami Drum & Bass 2015
    2015-04-16 22:01 - 2015-04-16 22:12 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum & Bass Essentials 2009
    2015-04-16 21:52 - 2015-04-16 22:22 - 00000000 ____D () C:\Users\DSJ\Downloads\DJ Marky
    2015-04-16 21:46 - 2015-04-18 00:30 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum & Bass Arena Summer Selection 2014
    2015-04-16 03:15 - 2015-04-16 18:59 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum and Bass Pro v.22 from AGR (2013) MP3, 320 kbps
    2015-04-16 03:08 - 2015-04-16 18:58 - 00000000 ____D () C:\Users\DSJ\Downloads\Various Artists - Drum & Bass Arena 2014 (2014)
    2015-04-16 02:16 - 2015-04-16 18:55 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum & Bass, DubStep, Trap V.13 from AGR (2014) MP3, 320 kbps
    2015-04-16 01:19 - 2015-04-16 18:56 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum & Bass, DubStep, Trap V.9 from AGR (2014) MP3, 320 kbps
    2015-04-15 23:58 - 2015-04-16 18:51 - 00000000 ____D () C:\Users\DSJ\Downloads\drum and bass 1996-2014
    2015-04-15 23:55 - 2015-04-16 00:14 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Ministry Of Sound Addicted To Bass 2014 (3CD) (2014) [320]
    2015-04-15 22:53 - 2015-04-15 22:53 - 00000000 ____D () C:\Users\DSJ\Downloads\97 Percent Legit Free Dubstep Drum N Bass Collection
    2015-04-15 21:57 - 2015-04-26 19:50 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 24 October 2014
    2015-04-15 21:55 - 2015-04-15 23:52 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 26 December 2014
    2015-04-15 00:55 - 2015-04-15 23:08 - 00000000 ____D () C:\Users\DSJ\Downloads\Showtek
    2015-04-15 00:28 - 2015-04-16 19:30 - 00000000 ____D () C:\Users\DSJ\Downloads\RYM Top 100 Drum & Bass - DnB - Jungle - Techstep LPs 51-100
    2015-04-15 00:24 - 2015-04-15 19:01 - 00000000 ____D () C:\Users\DSJ\Downloads\Then & Now (2015)
    2015-04-15 00:21 - 2015-04-15 23:13 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 31 April 2015
    2015-04-15 00:16 - 2015-04-15 23:07 - 00000000 ____D () C:\Users\DSJ\Downloads\Shaking Ears Collection - Drum'n'Bass Vol.1
    2015-04-14 22:14 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-14 22:14 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-14 22:14 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-04-14 22:14 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-04-14 22:14 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-04-14 22:14 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2015-04-14 22:14 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-04-14 22:14 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-04-14 22:14 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-04-14 22:14 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-04-14 22:14 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-04-14 22:14 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-04-14 22:14 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-14 22:14 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-14 22:14 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-04-14 22:14 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-14 22:14 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-04-14 22:14 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-04-14 22:13 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-14 22:13 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-14 22:13 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-04-14 22:13 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-04-14 22:13 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-14 22:13 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-04-14 22:13 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-04-14 22:13 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-04-14 22:13 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-14 22:13 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-14 22:13 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-04-14 22:13 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-14 22:13 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-04-14 22:13 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-14 22:13 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-14 22:13 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-04-14 22:13 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-04-14 22:13 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-04-14 22:13 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
    2015-04-14 22:13 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-14 22:13 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-14 22:13 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-14 22:12 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-14 22:12 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-14 22:12 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-14 22:12 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-14 22:12 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-14 22:12 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-14 22:12 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-14 22:12 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-14 22:12 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-04-14 22:12 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-04-14 22:12 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-14 22:12 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-14 22:12 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-14 22:12 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-14 22:12 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-14 22:12 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-14 22:12 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-14 22:12 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-14 22:12 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2015-04-14 22:12 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-04-14 22:12 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-14 22:12 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-14 22:12 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-14 22:12 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-14 22:12 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-14 22:12 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-14 22:12 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-14 22:12 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-04-14 22:12 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-04-14 22:12 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
    2015-04-13 22:04 - 2015-04-14 20:48 - 00000000 ____D () C:\Users\DSJ\Downloads\WALL-E.2008.720p.BRRip.x264-x0r
    2015-04-13 21:48 - 2015-04-15 00:30 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Raggae Greats - 5-CD-Boxset-[TFM]-2011-[MP3-320]
    2015-04-13 21:42 - 2015-04-14 20:55 - 00000000 ____D () C:\Users\DSJ\Downloads\Top 100 Ragga Reggaeton Hits 2014 {The.Phoenix}
    2015-04-07 23:56 - 2015-04-12 01:39 - 00000000 ____D () C:\Users\DSJ\Downloads\Missing.1982.DVDRip.H264.AAC.Gopo
    2015-04-07 23:55 - 2015-04-09 22:55 - 00000000 ____D () C:\Users\DSJ\Downloads\MiaKhalifaSiteRIP12V

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-06 23:19 - 2014-11-19 21:05 - 01578009 _____ () C:\Windows\WindowsUpdate.log
    2015-05-06 23:13 - 2014-11-19 21:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1397891646-1993758957-1736882376-1002
    2015-05-06 23:09 - 2014-11-19 21:09 - 00000000 ____D () C:\Users\DSJ\Documents\Youcam
    2015-05-06 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-06 22:51 - 2014-12-05 02:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-06 22:48 - 2014-03-18 10:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-06 22:41 - 2013-08-22 15:46 - 00037659 _____ () C:\Windows\setupact.log
    2015-05-06 22:41 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-06 22:41 - 2013-08-22 15:44 - 00492376 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-06 22:40 - 2014-11-29 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-06 22:40 - 2014-03-18 10:44 - 00042790 _____ () C:\Windows\PFRO.log
    2015-05-06 22:40 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-05-06 22:32 - 2014-11-25 00:52 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-05-06 22:17 - 2014-12-09 01:00 - 00000000 ____D () C:\Users\DSJ\AppData\Roaming\vlc
    2015-05-06 21:34 - 2014-11-19 21:08 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63732B52-3F9F-4F59-9083-AE3F8FD2D48A}
    2015-05-06 21:06 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-05-06 21:05 - 2014-06-25 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-05-06 20:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2015-05-06 20:50 - 2014-12-04 02:37 - 00230400 ___SH () C:\Users\DSJ\Downloads\Thumbs.db
    2015-05-06 19:06 - 2014-12-13 12:13 - 02509824 ___SH () C:\Users\DSJ\Desktop\Thumbs.db
    2015-05-06 15:28 - 2015-01-14 03:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-06 15:27 - 2015-01-14 03:26 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-06 15:27 - 2015-01-14 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-06 15:27 - 2015-01-14 03:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-06 05:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-05-05 07:06 - 2014-12-03 22:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-05-04 09:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-05-04 00:52 - 2014-11-29 19:59 - 00003144 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDSJ
    2015-05-04 00:52 - 2014-11-29 19:59 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForDSJ.job
    2015-04-30 23:46 - 2015-03-01 13:33 - 00000000 ____D () C:\Users\DSJ\Downloads\Vinnie Paz
    2015-04-27 12:27 - 2014-12-03 22:52 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ENVY-DSJ Envy
    2015-04-24 21:13 - 2014-11-19 21:08 - 00000000 ____D () C:\Users\DSJ\AppData\Local\Packages
    2015-04-24 20:38 - 2015-01-15 22:08 - 00000000 ____D () C:\Users\DSJ\Downloads\Ill_Bill_and_Vinnie_Paz-Heavy_Metal_Kings-2011-NOiR
    2015-04-24 20:35 - 2015-01-18 16:55 - 00000000 ____D () C:\Users\DSJ\Downloads\Ill Bill - The Hour Of Reprisal (2008) - Hip Hop [www.torrentazos.com]
    2015-04-24 20:34 - 2015-01-14 00:24 - 00000000 ____D () C:\Users\DSJ\Downloads\Vinnie Paz - Season of the Assassin (2010) [mp3@320]
    2015-04-24 11:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-04-22 22:12 - 2014-11-19 21:11 - 00000000 ___DO () C:\Users\DSJ\OneDrive
    2015-04-21 06:52 - 2014-11-19 21:07 - 00000000 ____D () C:\Users\DSJ
    2015-04-19 17:08 - 2014-12-08 15:40 - 00000000 ____D () C:\Users\DSJ\AppData\Local\CrashDumps
    2015-04-19 14:55 - 2014-11-29 12:10 - 00000000 ____D () C:\Users\DSJ\Documents\CyberLink
    2015-04-18 08:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
    2015-04-17 20:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-16 20:04 - 2014-12-13 20:23 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-16 20:04 - 2014-11-29 15:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-16 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
    2015-04-16 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
    2015-04-16 00:59 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-04-15 23:19 - 2015-01-04 02:50 - 00000000 ____D () C:\Users\DSJ\Downloads\LIQUID
    2015-04-15 01:01 - 2014-12-05 02:59 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-15 00:37 - 2014-11-29 14:19 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-15 00:33 - 2014-11-29 14:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-14 21:11 - 2014-11-29 12:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2015-04-14 09:38 - 2015-01-14 03:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-14 09:37 - 2015-01-14 03:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-14 09:37 - 2015-01-14 03:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-14 00:24 - 2015-03-13 19:48 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-14 00:24 - 2015-03-13 19:48 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-07 22:38 - 2015-02-04 21:31 - 00000000 ____D () C:\Users\DSJ\Downloads\GARAGE 1
    2015-04-07 21:34 - 2014-12-14 00:20 - 00000000 ____D () C:\Users\DSJ\Downloads\Troy

    Some content of TEMP:
    ====================
    C:\Users\DSJ\AppData\Local\Temp\BullGuard Antivirus Setup.exe
    C:\Users\DSJ\AppData\Local\Temp\Extract.exe
    C:\Users\DSJ\AppData\Local\Temp\SP63888.exe
    C:\Users\DSJ\AppData\Local\Temp\SP64339.exe
    C:\Users\DSJ\AppData\Local\Temp\SP65782.exe
    C:\Users\DSJ\AppData\Local\Temp\SP66495.exe
    C:\Users\DSJ\AppData\Local\Temp\SP66941.exe
    C:\Users\DSJ\AppData\Local\Temp\SP67149.exe
    C:\Users\DSJ\AppData\Local\Temp\SP67280.exe
    C:\Users\DSJ\AppData\Local\Temp\SP68055.exe
    C:\Users\DSJ\AppData\Local\Temp\SP68373.exe
    C:\Users\DSJ\AppData\Local\Temp\SP68376.exe
    C:\Users\DSJ\AppData\Local\Temp\SP69229.exe
    C:\Users\DSJ\AppData\Local\Temp\SP69393.exe
    C:\Users\DSJ\AppData\Local\Temp\SP69401.exe
    C:\Users\DSJ\AppData\Local\Temp\SP69404.exe
    C:\Users\DSJ\AppData\Local\Temp\SP69486.exe
    C:\Users\DSJ\AppData\Local\Temp\SP69718.exe
    C:\Users\DSJ\AppData\Local\Temp\SP69886.exe
    C:\Users\DSJ\AppData\Local\Temp\SP70439.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-19 09:52

    ==================== End Of Log ============================
     
    Last edited: May 6, 2015
  5. David9173

    David9173 TS Rookie Topic Starter

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
    Ran by DSJ at 2015-05-06 23:25:36
    Running from C:\Users\DSJ\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1397891646-1993758957-1736882376-500 - Administrator - Disabled)
    DSJ (S-1-5-21-1397891646-1993758957-1736882376-1002 - Administrator - Enabled) => C:\Users\DSJ
    Guest (S-1-5-21-1397891646-1993758957-1736882376-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1397891646-1993758957-1736882376-1004 - Limited - Enabled)
    UpdatusUser (S-1-5-21-1397891646-1993758957-1736882376-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation)
    Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9870 - Broadcom Corporation)
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
    CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
    Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    NVIDIA Graphics Driver 332.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.33 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
    NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
    Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VMware Horizon Client (HKLM\...\{936DD031-2978-4374-842C-D18E92F9DFB5}) (Version: 3.2.0.24246 - VMware, Inc.)
    Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
    Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1397891646-1993758957-1736882376-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DSJ\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    22-04-2015 10:43:03 Scheduled Checkpoint
    27-04-2015 15:24:23 HPSF Applying updates
    04-05-2015 15:26:59 HPSF Applying updates
    06-05-2015 21:02:46 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    06-05-2015 21:03:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0853B619-8669-4441-9ACA-11668982B1F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
    Task: {09DE9FA2-DEE4-4240-B019-605270C6F04E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ENVY-DSJ Envy => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
    Task: {145B8788-EB44-4716-B0C4-D00F17169342} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
    Task: {1A57ABCB-3656-484D-B246-AA9ADA47DD13} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {2282B8D8-8E71-4ECE-91BF-86EA51C73F1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
    Task: {22940ECD-F656-4A6A-8CA2-1F79D67013FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {2770BF09-41D1-46B2-95A2-5EB11CBBFDEA} - System32\Tasks\HPCeeScheduleForDSJ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {28838976-D691-48A3-A52A-90CA3B81188F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
    Task: {3D70E79F-22E8-4CC4-82BD-29191173D5D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {4F43EFAD-2A2E-4900-AFCB-286940724A9B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1397891646-1993758957-1736882376-1002
    Task: {682AD41F-8CF8-46D9-9910-92D502FCD458} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
    Task: {7578C3B6-1D9C-41A2-A5B6-AEE72578549F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {93848900-8F48-4332-AD79-C07C3F2F39DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {9B0F0CED-074B-4776-924E-3C88AF2ABC99} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
    Task: {9CE451D3-F87B-4EBA-8406-FFF3DC210877} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
    Task: {B05390C7-BD0A-427D-92FE-2E3CE1BF1210} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-29] ()
    Task: {D137E098-B9DC-4D54-A8A4-4F43432BEA8F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated)
    Task: {D6B45671-071D-492F-A3E6-E105D6856E41} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
    Task: {E4C6303C-6690-428A-AAF3-211356B75FA1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1397891646-1993758957-1736882376-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {F7AAE181-D361-4669-8462-F75400C54DCA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {F8E5DB2D-9E0A-4B03-B17A-4F35B615939F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {FF9E55AB-4C1A-47F5-BE1C-BC6FE85E70DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForDSJ.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-06-25 00:11 - 2014-01-06 09:13 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2014-12-03 22:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-11-20 10:35 - 2014-11-20 10:35 - 00225976 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
    2014-11-20 11:24 - 2014-11-20 11:24 - 03649720 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
    2013-08-12 19:06 - 2013-08-12 19:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-08-12 19:06 - 2013-08-12 19:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-08-12 19:06 - 2013-08-12 19:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
    2015-03-13 05:41 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-11-29 20:23 - 2014-11-29 20:23 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    2014-11-20 10:30 - 2014-11-20 10:30 - 01147064 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
    2014-06-25 00:11 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-01-14 03:50 - 2014-07-24 04:03 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
    2015-01-14 03:50 - 2014-04-17 07:35 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
    2015-01-14 03:50 - 2014-07-24 04:03 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
    2015-05-06 23:08 - 2015-05-06 23:08 - 00012800 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00009728 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00014848 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\src\rgloader\rgloader193.mswin.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00009216 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00126976 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00087552 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00016384 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00127316 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\bin\libffi-6.dll
    2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00013312 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00095744 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00026624 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00012800 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00009728 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00014848 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\src\rgloader\rgloader193.mswin.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00118784 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00069120 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00083968 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\bin\zlib1.dll
    2015-05-06 23:08 - 2015-05-06 23:08 - 00026624 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00275968 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00015360 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00008192 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00009216 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00023552 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00036352 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00126976 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00087552 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00016384 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00127316 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\bin\libffi-6.dll
    2015-05-06 23:08 - 2015-05-06 23:08 - 00013312 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00095744 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-05-06 23:08 - 2015-05-06 23:08 - 00026624 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-11-29 20:23 - 2014-11-29 20:23 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
    2014-11-29 20:23 - 2014-11-29 20:23 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\DSJ\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{8549AF89-FCF5-430B-A632-E2DD868C6689}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{82BF51C6-96DD-491D-82A3-AA786B0F8C61}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{9F1F95FF-741B-458E-8C4E-DB137CA9AB87}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{8ADB0884-BBD4-4EAF-9875-C1E545A4B287}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{69E0526E-987B-442E-876B-41904714BBB3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{4A4835F1-03F2-48DE-93BB-2C5BBB6BDD56}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{BA3E65E2-E073-4D4A-A7D1-51EE69D87D9F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{FD3D04E1-9694-485B-A6D0-4C8E7D007EBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{418C3FBD-B958-44E8-9D87-0073B2987734}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2CBF54CC-5C84-4986-9B20-E79BC286EB94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B3C79DB6-3274-4688-87F6-3C0D74C17782}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3B698669-8927-4DA7-A7F6-8C29182BF736}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{29A0DBD2-D109-4E63-9C8E-1AC9A894341C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{82A918AD-5BB1-49EA-8D13-E93BAD2AF623}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{A9C5F99B-D23F-43CE-878D-16D99049F5CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{3DE59EEB-14DF-4EB0-8788-716D62DCF673}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
    FirewallRules: [{B1313190-E5EB-4A95-815C-0D1C15659A63}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{263DC978-A7A5-4FB5-9269-371A831D757B}] => (Allow) C:\Users\DSJ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{BB52BBA4-CD37-409C-B37D-9B701CAABE13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{674D6A8E-4DE6-490E-AB5B-F29875A08206}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{3566FAF5-B067-4A32-8594-C33319938872}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{4FE63317-8FD2-4395-A19B-F98D554BA06B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{E9B0CB20-F311-42DF-8986-A1200475A0D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{584B5253-1639-4A09-901A-EADD01FA8AB5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{7E712FD7-C1C3-4FD6-A64B-1256DE224396}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{01207DA6-695F-4490-85F2-3319DDF48523}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{468885DE-3D6B-490B-B12F-98FE56EA8219}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{7B4A1379-C097-4887-9897-FA1CB4D0E657}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{31DDB16C-0FEB-4E92-806A-69F7A60D51B6}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{C4824281-6E93-4F85-9352-180857E3B2F6}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{B12EB976-9CFD-4E22-BF73-55D0380A45C1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{424C4C77-DE84-4159-ABBF-B5372C6A1D95}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{F7DE17CA-FE05-45E1-8F49-355FFAC25F21}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{5DA883B8-5891-4895-886A-DEFB87E7B244}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [TCP Query User{643E4AA0-EB05-4725-BD79-042645A31FDF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{CCF0D5B0-5637-4CF3-93FA-EBEC9B8AAA5F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{92636D51-448F-4244-B759-863696484044}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
    FirewallRules: [TCP Query User{6DAFD6E7-DDC9-4136-B232-C5D8C5B25F29}C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe] => (Block) C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe
    FirewallRules: [UDP Query User{EB3CA087-9FD4-48F0-A15A-4C8EE1483E5E}C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe] => (Block) C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe
    FirewallRules: [{7963F5E8-2147-45E1-BA0D-B1714BFAB16D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

    ==================== Faulty Device Manager Devices =============

    Name: Unknown USB Device (Link in Compliance Mode)
    Description: Unknown USB Device (Link in Compliance Mode)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11250

    Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11250

    Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/06/2015 10:36:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program BullGuard.exe version 15.0.0.137 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 519c

    Start Time: 01d0883835a48dbe

    Termination Time: 4294967295

    Application Path: C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

    Report Id: fd1357b1-f437-11e4-8279-40e230153638

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/06/2015 10:34:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 5728

    Start Time: 01d08844442b8947

    Termination Time: 4294967295

    Application Path: C:\Windows\system32\wwahost.exe

    Report Id: b23fcff1-f437-11e4-8279-40e230153638

    Faulting package full name: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: AppexNews

    Error: (05/06/2015 10:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ENVY)
    Description: Package Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe+AppexNews was terminated because it took too long to suspend.

    Error: (05/06/2015 09:43:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 3204

    Start Time: 01d0883ab9e1513b

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: ae686dcd-f42e-11e4-8279-40e230153638

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/06/2015 09:39:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program BullGuard.exe version 15.0.0.137 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 519c

    Start Time: 01d0883835a48dbe

    Termination Time: 60000

    Application Path: C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

    Report Id: de6a39b0-f42f-11e4-8279-40e230153638

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/06/2015 09:15:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (05/06/2015 07:44:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: ff8

    Start Time: 01d07e738ae36f27

    Termination Time: 20

    Application Path: C:\Windows\system32\wwahost.exe

    Report Id: e0bc063d-f41f-11e4-8279-40e230153638

    Faulting package full name: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: AppexNews


    System errors:
    =============
    Error: (05/06/2015 09:22:41 PM) (Source: disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR13.

    Error: (05/06/2015 07:28:24 PM) (Source: disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR12.

    Error: (05/04/2015 09:38:40 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
    Description: F:\Device\HarddiskVolume143

    Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
    Description: An attempt to configure the input mode of a multitouch device failed.

    Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
    Description: An attempt to configure the input mode of a multitouch device failed.

    Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
    Description: An attempt to configure the input mode of a multitouch device failed.

    Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
    Description: An attempt to configure the input mode of a multitouch device failed.

    Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
    Description: An attempt to configure the input mode of a multitouch device failed.

    Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
    Description: An attempt to configure the input mode of a multitouch device failed.

    Error: (05/02/2015 01:22:05 PM) (Source: MTConfig) (EventID: 1) (User: )
    Description: An attempt to configure the input mode of a multitouch device failed.


    Microsoft Office Sessions:
    =========================
    Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11250

    Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11250

    Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/06/2015 10:36:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: BullGuard.exe15.0.0.137519c01d0883835a48dbe4294967295C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exefd1357b1-f437-11e4-8279-40e230153638

    Error: (05/06/2015 10:34:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.3.9600.17415572801d08844442b89474294967295C:\Windows\system32\wwahost.exeb23fcff1-f437-11e4-8279-40e230153638Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbweAppexNews

    Error: (05/06/2015 10:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ENVY)
    Description: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe+AppexNews

    Error: (05/06/2015 09:43:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: LiveComm.exe17.5.9600.20689320401d0883ab9e1513b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeae686dcd-f42e-11e4-8279-40e230153638microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/06/2015 09:39:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: BullGuard.exe15.0.0.137519c01d0883835a48dbe60000C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exede6a39b0-f42f-11e4-8279-40e230153638

    Error: (05/06/2015 09:15:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: -2147024883

    Error: (05/06/2015 07:44:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.3.9600.17415ff801d07e738ae36f2720C:\Windows\system32\wwahost.exee0bc063d-f41f-11e4-8279-40e230153638Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbweAppexNews


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-06 23:05:07.362
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-17 19:03:45.711
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-04-07 05:12:49.524
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-22 05:12:40.855
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-15 11:16:36.887
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-01 03:24:22.779
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-25 19:18:39.239
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-23 19:26:28.640
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-17 19:49:46.274
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-13 19:21:41.097
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
    Percentage of memory in use: 28%
    Total physical RAM: 8124.02 MB
    Available physical RAM: 5806.55 MB
    Total Pagefile: 9404.02 MB
    Available Pagefile: 6843.03 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:910.22 GB) (Free:337.01 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:20.27 GB) (Free:2.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. David9173

    David9173 TS Rookie Topic Starter

    Hi Broni, thanks for responding!


    Rkreport.txt



    RogueKiller V10.6.2.0 [May 4 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : DSJ [Administrator]
    Started from : C:\Users\DSJ\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 05/10/2015 11:58:06

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM014-1EJ164-SSHD +++++
    --- User ---
    [MBR] fd9c45f893067b4140b808bdc8664c76
    [BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2127872 | Size: 932065 MB
    4 - [SYSTEM] Basic data partition | Offset (sectors): 1910996992 | Size: 20760 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_05102015_115800.log
     
  8. David9173

    David9173 TS Rookie Topic Starter

    Malwarebytes log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/05/2015
    Scan Time: 12:02:40
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.10.02
    Rootkit Database: v2015.04.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: DSJ

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 454961
    Time Elapsed: 21 min, 25 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  9. David9173

    David9173 TS Rookie Topic Starter

    Adwcleaner

    # AdwCleaner v4.203 - Logfile created 10/05/2015 at 15:21:26
    # Updated 30/04/2015 by Xplode
    # Database : 2015-05-09.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : DSJ - ENVY
    # Running from : C:\Users\DSJ\Downloads\adwcleaner_4.203(1).exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v37.0.2 (x86 en-GB)


    *************************

    AdwCleaner[R0].txt - [728 bytes] - [10/05/2015 15:18:04]
    AdwCleaner[R1].txt - [789 bytes] - [10/05/2015 15:20:40]
    AdwCleaner[S0].txt - [715 bytes] - [10/05/2015 15:21:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [773 bytes] ##########
     
  10. David9173

    David9173 TS Rookie Topic Starter

    Junkware removal

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.0 (05.09.2015:1)
    OS: Windows 8.1 x64
    Ran by DSJ on 10/05/2015 at 15:26:28.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1390891756-1648730143-2729982792-500
    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1397891646-1993758957-1736882376-1002
    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1397891646-1993758957-1736882376-500
    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500
    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3076284122-610256514-454173331-500



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/05/2015 at 15:28:18.54
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. David9173

    David9173 TS Rookie Topic Starter

    Just an update on how the computer is performing now: I haven't experienced the phantom touch screen touches since I first made this thread, but on the day it was very bad... I'm not getting any more pop-ups from opening new windows etc.

    Overall performance is good, but if the phantom ghost touches come back I'll be sending the laptop back to HP as it will be an obvious hardware issue with the touchscreen.

    Thanks for your help Broni - if there's anything else you need me to do please let me know.

    Thanks.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Still with me?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in the malware removal forum.
     
Topic Status:
Not open for further replies.
