Inactive-A Possible Malware? Cursor jumping around + internet pop ups

David9173

Hi,

I'm having some issues with my laptop, hoping someone has some help - my cursor is jumping around all over the place on the screen... when I move the cursor it might end up at the bottom or top of the screen randomly... also getting loads of pop ups on the internet which is annoying - don't know how I got here or what to do... if someone can help I'd be more than grateful!

Thanks,

David.
 
I have tried to run a Farbar scan; however, Windows blocks the application every time I try to run it.

My laptop is a HP ENVY TS 17 NOTEBOOK
Running on Windows 8 (64bit)
Intel Core i7
 
I would also like to add that I am getting phantom touches on the touch screen element of my laptop - the screen will scroll up and down randomly and the touch screen will register touches when I haven't made any. Really weird... Laptop is only a few months old.
 
Sorry - I have now managed to download and run Farbar.

Here are the logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by DSJ (administrator) on ENVY on 06-05-2015 23:24:58
Running from C:\Users\DSJ\Downloads
Loaded Profiles: UpdatusUser & DSJ (Available profiles: UpdatusUser & DSJ)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\pia_manager\pia_manager.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(http://www.ruby-lang.org/) C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(http://www.ruby-lang.org/) C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Farbar) C:\Users\DSJ\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-02] (Synaptics Incorporated)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70328 2014-11-20] ()
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-25]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-1397891646-1993758957-1736882376-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {F5F2D0FB-3660-433C-B9AC-A294CCA5D0AB} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F5F2D0FB-3660-433C-B9AC-A294CCA5D0AB} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1397891646-1993758957-1736882376-1002 -> {F5F2D0FB-3660-433C-B9AC-A294CCA5D0AB} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\DSJ\AppData\Roaming\Mozilla\Firefox\Profiles\igo2ejxn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-03] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [225976 2014-11-20] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [3649720 2014-11-20] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-12-16] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1979608 2014-11-18] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [228024 2014-11-21] (VMware)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-12-01] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-29] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 23:18 - 2015-05-06 23:19 - 00048023 _____ () C:\Users\DSJ\Downloads\Addition.txt
2015-05-06 23:16 - 2015-05-06 23:25 - 00016647 _____ () C:\Users\DSJ\Downloads\FRST.txt
2015-05-06 23:16 - 2015-05-06 23:25 - 00000000 ____D () C:\FRST
2015-05-06 23:15 - 2015-05-06 23:15 - 02102272 _____ (Farbar) C:\Users\DSJ\Downloads\FRST64(2).exe
2015-05-06 22:26 - 2015-05-06 22:26 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-05-06 22:24 - 2015-05-06 22:24 - 05197824 _____ () C:\Users\DSJ\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-05-06 22:15 - 2015-05-06 22:16 - 00000000 ____D () C:\Users\DSJ\Downloads\Instrumentals
2015-05-06 21:14 - 2015-05-06 21:14 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-05-06 21:12 - 2015-05-06 21:11 - 00169672 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2015-05-06 21:12 - 2015-05-06 21:11 - 00148024 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2015-05-06 21:06 - 2015-05-06 21:06 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-06 21:02 - 2015-05-06 21:02 - 00000000 ____D () C:\Users\DSJ\AppData\Roaming\QuickScan
2015-05-06 20:59 - 2015-05-06 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-05-06 20:57 - 2015-05-06 20:57 - 00324416 _____ () C:\Users\DSJ\Downloads\BullGuardDownloaderAV.exe
2015-05-06 19:49 - 2015-05-06 19:49 - 02102272 _____ (Farbar) C:\Users\DSJ\Downloads\FRST64(1).exe
2015-05-06 19:39 - 2015-05-06 19:39 - 02102272 _____ (Farbar) C:\Users\DSJ\Downloads\FRST64.exe
2015-05-06 15:03 - 2015-05-06 15:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\DSJ\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-06 11:17 - 2015-05-06 18:36 - 00000000 ____D () C:\Users\DSJ\Downloads\Three 6 Mafia - Hypnotize Minds Discography
2015-05-06 11:15 - 2015-05-06 11:15 - 00000000 ____D () C:\Users\DSJ\Downloads\[Big Tits In Uniform] Yurizan Beltran [Tatas Under Siege][SD] [.mp4]
2015-05-06 10:58 - 2015-05-06 11:01 - 00000000 ____D () C:\Users\DSJ\Downloads\Stoupe the Enemy of Mankind - The Decalogue
2015-05-04 18:40 - 2015-05-04 20:19 - 00000000 ____D () C:\Users\DSJ\Downloads\Papoose - Cigar Society (Official Mixtape - 2014) - axiytuns
2015-05-04 18:27 - 2015-05-04 21:34 - 00000000 ____D () C:\Users\DSJ\Downloads\Cypress Hill Discography @ 320 (14 Albums)(RAP)(by dragan09)
2015-05-04 18:14 - 2015-05-05 23:52 - 00000000 ____D () C:\Users\DSJ\Downloads\Wu-Tang Clan Discography @ 320 (22 Albums)(RAP)(by dragan09)
2015-05-04 18:12 - 2015-05-05 23:51 - 00000000 ____D () C:\Users\DSJ\Downloads\Ghostface Killah
2015-05-04 10:16 - 2015-05-04 10:34 - 00000000 ____D () C:\Users\DSJ\Downloads\(CNN) Capone-N-Noreaga Discography @320 (5 Albums)(RAP)(by dragan09)
2015-05-04 04:09 - 2015-05-04 04:10 - 00000000 ____D () C:\Users\DSJ\Downloads\[ www.Torrenting.com ] - Tin Men (1987)-DVDRIp-AC3-Xvid-THC
2015-05-03 23:27 - 2015-05-04 08:01 - 00000000 ____D () C:\Users\DSJ\Downloads\Lanny_Barbie_Pack
2015-05-03 23:02 - 2015-05-06 00:03 - 00000000 ____D () C:\Users\DSJ\Downloads\Rocco's World Feet Fetish
2015-05-03 23:01 - 2015-05-03 23:51 - 00000000 ____D () C:\Users\DSJ\Downloads\*** Worship Full Collection (1-10)
2015-05-03 22:22 - 2015-05-04 10:05 - 00000000 ____D () C:\Users\DSJ\Downloads\Salesman Sonata Premiere
2015-05-02 01:41 - 2015-05-02 23:43 - 00000000 ____D () C:\Users\DSJ\Downloads\Various Artists - In The Mix (Rave Revival) 2007 only1joe FLAC-EAC
2015-05-02 01:15 - 2015-05-04 10:07 - 00000000 ____D () C:\Users\DSJ\Downloads\Best Dance, Techno, Trance, Rave, Oldskool, Club Tunes, Themes & Anthems Collection Ever (by tonyx) (458 tunes)
2015-05-02 01:07 - 2015-05-06 00:44 - 00000000 ____D () C:\Users\DSJ\Downloads\A.Good.Marriage.Stephen.King.2014.1080p.WEB-DL.H264.AAC.Mp4.Raven
2015-05-02 01:05 - 2015-05-04 10:10 - 00000000 ____D () C:\Users\DSJ\Downloads\Breakbeat DJ Sets
2015-05-02 00:17 - 2015-05-02 00:17 - 00000000 ____D () C:\Users\DSJ\Downloads\Underground Rave - 500 tracks!!!
2015-05-02 00:08 - 2015-05-02 23:48 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Rave Now
2015-04-30 23:51 - 2015-05-03 09:57 - 00000000 ____D () C:\Users\DSJ\Downloads\Pure Silk-The Home Of UK Garage 2cd mp3-320k m3u by The_Stig@Torrent Force
2015-04-28 23:42 - 2015-05-06 22:33 - 00000000 ____D () C:\Users\DSJ\Downloads\Dubstep
2015-04-26 21:26 - 2015-05-05 16:55 - 00000000 ____D () C:\Users\DSJ\Downloads\2022
2015-04-26 12:55 - 2015-04-30 23:46 - 00000000 ____D () C:\Users\DSJ\Downloads\Best Chillstep Collection
2015-04-26 12:43 - 2015-04-26 14:25 - 00000000 ____D () C:\Users\DSJ\Downloads\SteepMusic 50 - Dubstep Vol 29
2015-04-25 23:41 - 2015-04-26 11:19 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 16 February 2014
2015-04-25 23:38 - 2015-04-26 11:19 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 30 March 2015
2015-04-25 21:01 - 2015-04-26 06:43 - 00000000 ____D () C:\Users\DSJ\Downloads\Simply Dubstep - April 2013
2015-04-25 20:57 - 2015-04-25 22:34 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Super Dubstep Всех времён! (2014) МР3
2015-04-25 10:15 - 2015-04-25 10:15 - 02515849 _____ (Skyshape Software ) C:\Users\DSJ\Downloads\mp3resizersetup.exe
2015-04-24 18:30 - 2015-04-29 23:14 - 00000000 ____D () C:\Users\DSJ\Downloads\Can You Handle The Dubstep_
2015-04-24 18:14 - 2015-04-25 17:14 - 00000000 ____D () C:\Users\DSJ\Downloads\DubStep 2012 Collection [GBR]
2015-04-24 17:51 - 2015-04-24 20:28 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 18 April 2014
2015-04-24 17:27 - 2015-04-24 20:35 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Dubstep EPs Vol. 83 by Geloso (07-2014)
2015-04-24 17:23 - 2015-04-24 17:41 - 00000000 ____D () C:\Users\DSJ\Downloads\Dubstep Classics (2015)
2015-04-24 17:22 - 2015-04-24 18:23 - 00000000 ____D () C:\Users\DSJ\Downloads\Dubstep_Deluxe_100_Top_Hits_2015
2015-04-21 20:39 - 2015-04-21 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 07:18 - 2015-04-21 20:09 - 00000000 ____D () C:\Users\DSJ\Downloads\Reggae Dancehall Riddim Pack [Feb 2012]
2015-04-20 19:14 - 2015-04-21 07:03 - 00000000 ____D () C:\Users\DSJ\Downloads\Jungle, ragga jungle and reggae mix
2015-04-19 23:17 - 2015-04-21 20:20 - 00000000 ____D () C:\Users\DSJ\Downloads\Reggae Dancehall Riddim Pack [April 2012]
2015-04-19 23:16 - 2015-04-20 19:13 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - 50 Bombes Ragga Dancehall (2013)[Mp3][www.lokotorrents.com]
2015-04-19 23:02 - 2015-04-20 19:05 - 00000000 ____D () C:\Users\DSJ\Downloads\Various Artists - Ministry Of Sound - Essential Reggae
2015-04-19 15:07 - 2015-04-19 17:28 - 00000000 ____D () C:\Users\DSJ\Downloads\VA--Drum_and_Bass_Arena_Anthology_2_(Unmixed_and_Mixed)-(DNBA009DD)-WEB-2012-OMA
2015-04-19 14:57 - 2015-04-21 07:06 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Dubstep and Drum N Bass EPs Vol. 63 by Geloso (2014)
2015-04-19 14:55 - 2015-04-19 14:55 - 00000000 ____D () C:\Users\DSJ\AppData\Local\MediaShow
2015-04-19 14:51 - 2015-04-19 17:24 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass Gras v.3
2015-04-19 14:49 - 2015-05-01 22:54 - 00000000 ____D () C:\Users\DSJ\Downloads\08 August
2015-04-19 14:49 - 2015-04-19 16:01 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Hospitality Drum and Bass 2013
2015-04-19 14:05 - 2015-04-19 14:53 - 00000000 ____D () C:\Users\DSJ\Downloads\DJ_SS_Presents_WODB_MIAMI_WODB_LP_2014
2015-04-19 14:02 - 2015-04-19 15:23 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - X-Treme Drum 'n' Bass (2014) [deepstatus][h33t][1337x]
2015-04-19 13:56 - 2015-04-19 14:53 - 00000000 ____D () C:\Users\DSJ\Downloads\(2014) Path Of The Warrior
2015-04-19 13:55 - 2015-04-19 15:00 - 00000000 ____D () C:\Users\DSJ\Downloads\High Contrast - This Is Drum & Bass [2CD] (2009) v-boy
2015-04-19 13:52 - 2015-04-30 23:58 - 00000000 ____D () C:\Users\DSJ\Downloads\Viper Presents Drum Bass Summer Slammers 2014-(VPRLP007)-WEB-2014
2015-04-19 13:51 - 2015-04-19 15:00 - 00000000 ____D () C:\Users\DSJ\Downloads\VA-RAM Drum & Bass Annual 2015-(RAMMLPD9)-FLAC-WEB-2014
2015-04-19 13:21 - 2015-04-19 18:28 - 00000000 ____D () C:\Users\DSJ\Downloads\Monstercat
2015-04-19 13:13 - 2015-04-19 13:46 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum & Bass Heroes (2015)
2015-04-19 13:11 - 2015-04-19 13:20 - 00000000 ____D () C:\Users\DSJ\Downloads\Spor - Caligo
2015-04-18 02:24 - 2015-04-18 05:17 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.7-8
2015-04-18 02:21 - 2015-04-18 12:42 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.11
2015-04-18 01:37 - 2015-04-18 02:08 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.12-13
2015-04-18 01:36 - 2015-04-19 11:18 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum and Bass EXT v.14-16
2015-04-18 01:35 - 2015-04-18 08:29 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum and Bass Pro V.33 from Kulemina (2014) MP3, 320 kbps
2015-04-16 22:03 - 2015-04-19 14:54 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - RAMiami Drum & Bass 2015
2015-04-16 22:01 - 2015-04-16 22:12 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum & Bass Essentials 2009
2015-04-16 21:52 - 2015-04-16 22:22 - 00000000 ____D () C:\Users\DSJ\Downloads\DJ Marky
2015-04-16 21:46 - 2015-04-18 00:30 - 00000000 ____D () C:\Users\DSJ\Downloads\Drum & Bass Arena Summer Selection 2014
2015-04-16 03:15 - 2015-04-16 18:59 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum and Bass Pro v.22 from AGR (2013) MP3, 320 kbps
2015-04-16 03:08 - 2015-04-16 18:58 - 00000000 ____D () C:\Users\DSJ\Downloads\Various Artists - Drum & Bass Arena 2014 (2014)
2015-04-16 02:16 - 2015-04-16 18:55 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum & Bass, DubStep, Trap V.13 from AGR (2014) MP3, 320 kbps
2015-04-16 01:19 - 2015-04-16 18:56 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Drum & Bass, DubStep, Trap V.9 from AGR (2014) MP3, 320 kbps
2015-04-15 23:58 - 2015-04-16 18:51 - 00000000 ____D () C:\Users\DSJ\Downloads\drum and bass 1996-2014
2015-04-15 23:55 - 2015-04-16 00:14 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Ministry Of Sound Addicted To Bass 2014 (3CD) (2014) [320]
2015-04-15 22:53 - 2015-04-15 22:53 - 00000000 ____D () C:\Users\DSJ\Downloads\97 Percent Legit Free Dubstep Drum N Bass Collection
2015-04-15 21:57 - 2015-04-26 19:50 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 24 October 2014
2015-04-15 21:55 - 2015-04-15 23:52 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 26 December 2014
2015-04-15 00:55 - 2015-04-15 23:08 - 00000000 ____D () C:\Users\DSJ\Downloads\Showtek
2015-04-15 00:28 - 2015-04-16 19:30 - 00000000 ____D () C:\Users\DSJ\Downloads\RYM Top 100 Drum & Bass - DnB - Jungle - Techstep LPs 51-100
2015-04-15 00:24 - 2015-04-15 19:01 - 00000000 ____D () C:\Users\DSJ\Downloads\Then & Now (2015)
2015-04-15 00:21 - 2015-04-15 23:13 - 00000000 ____D () C:\Users\DSJ\Downloads\DafuQ! EDM Playlist Vol. 31 April 2015
2015-04-15 00:16 - 2015-04-15 23:07 - 00000000 ____D () C:\Users\DSJ\Downloads\Shaking Ears Collection - Drum'n'Bass Vol.1
2015-04-14 22:14 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 22:14 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 22:14 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-14 22:14 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 22:14 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-14 22:14 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-14 22:14 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 22:14 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 22:14 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-14 22:14 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-14 22:14 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-14 22:14 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-14 22:14 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 22:14 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 22:14 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 22:14 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 22:14 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 22:14 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 22:13 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 22:13 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 22:13 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 22:13 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 22:13 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 22:13 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 22:13 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-14 22:13 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 22:13 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 22:13 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 22:13 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-14 22:13 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 22:13 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 22:13 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 22:13 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 22:13 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 22:13 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 22:13 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 22:13 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-14 22:13 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 22:13 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 22:13 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 22:12 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 22:12 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 22:12 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 22:12 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 22:12 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 22:12 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 22:12 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 22:12 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 22:12 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-14 22:12 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-14 22:12 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 22:12 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 22:12 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 22:12 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 22:12 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 22:12 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 22:12 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 22:12 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 22:12 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-14 22:12 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-14 22:12 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 22:12 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 22:12 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 22:12 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 22:12 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 22:12 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 22:12 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 22:12 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-14 22:12 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-14 22:12 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-13 22:04 - 2015-04-14 20:48 - 00000000 ____D () C:\Users\DSJ\Downloads\WALL-E.2008.720p.BRRip.x264-x0r
2015-04-13 21:48 - 2015-04-15 00:30 - 00000000 ____D () C:\Users\DSJ\Downloads\VA - Raggae Greats - 5-CD-Boxset-[TFM]-2011-[MP3-320]
2015-04-13 21:42 - 2015-04-14 20:55 - 00000000 ____D () C:\Users\DSJ\Downloads\Top 100 Ragga Reggaeton Hits 2014 {The.Phoenix}
2015-04-07 23:56 - 2015-04-12 01:39 - 00000000 ____D () C:\Users\DSJ\Downloads\Missing.1982.DVDRip.H264.AAC.Gopo
2015-04-07 23:55 - 2015-04-09 22:55 - 00000000 ____D () C:\Users\DSJ\Downloads\MiaKhalifaSiteRIP12V

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 23:19 - 2014-11-19 21:05 - 01578009 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 23:13 - 2014-11-19 21:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1397891646-1993758957-1736882376-1002
2015-05-06 23:09 - 2014-11-19 21:09 - 00000000 ____D () C:\Users\DSJ\Documents\Youcam
2015-05-06 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-06 22:51 - 2014-12-05 02:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 22:48 - 2014-03-18 10:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-06 22:41 - 2013-08-22 15:46 - 00037659 _____ () C:\Windows\setupact.log
2015-05-06 22:41 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 22:41 - 2013-08-22 15:44 - 00492376 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-06 22:40 - 2014-11-29 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-06 22:40 - 2014-03-18 10:44 - 00042790 _____ () C:\Windows\PFRO.log
2015-05-06 22:40 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-06 22:32 - 2014-11-25 00:52 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-06 22:17 - 2014-12-09 01:00 - 00000000 ____D () C:\Users\DSJ\AppData\Roaming\vlc
2015-05-06 21:34 - 2014-11-19 21:08 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63732B52-3F9F-4F59-9083-AE3F8FD2D48A}
2015-05-06 21:06 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-06 21:05 - 2014-06-25 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-06 20:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-06 20:50 - 2014-12-04 02:37 - 00230400 ___SH () C:\Users\DSJ\Downloads\Thumbs.db
2015-05-06 19:06 - 2014-12-13 12:13 - 02509824 ___SH () C:\Users\DSJ\Desktop\Thumbs.db
2015-05-06 15:28 - 2015-01-14 03:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 15:27 - 2015-01-14 03:26 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-06 15:27 - 2015-01-14 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-06 15:27 - 2015-01-14 03:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-06 05:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-05 07:06 - 2014-12-03 22:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-04 09:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-04 00:52 - 2014-11-29 19:59 - 00003144 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDSJ
2015-05-04 00:52 - 2014-11-29 19:59 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForDSJ.job
2015-04-30 23:46 - 2015-03-01 13:33 - 00000000 ____D () C:\Users\DSJ\Downloads\Vinnie Paz
2015-04-27 12:27 - 2014-12-03 22:52 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ENVY-DSJ Envy
2015-04-24 21:13 - 2014-11-19 21:08 - 00000000 ____D () C:\Users\DSJ\AppData\Local\Packages
2015-04-24 20:38 - 2015-01-15 22:08 - 00000000 ____D () C:\Users\DSJ\Downloads\Ill_Bill_and_Vinnie_Paz-Heavy_Metal_Kings-2011-NOiR
2015-04-24 20:35 - 2015-01-18 16:55 - 00000000 ____D () C:\Users\DSJ\Downloads\Ill Bill - The Hour Of Reprisal (2008) - Hip Hop [www.torrentazos.com]
2015-04-24 20:34 - 2015-01-14 00:24 - 00000000 ____D () C:\Users\DSJ\Downloads\Vinnie Paz - Season of the Assassin (2010) [mp3@320]
2015-04-24 11:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-22 22:12 - 2014-11-19 21:11 - 00000000 ___DO () C:\Users\DSJ\OneDrive
2015-04-21 06:52 - 2014-11-19 21:07 - 00000000 ____D () C:\Users\DSJ
2015-04-19 17:08 - 2014-12-08 15:40 - 00000000 ____D () C:\Users\DSJ\AppData\Local\CrashDumps
2015-04-19 14:55 - 2014-11-29 12:10 - 00000000 ____D () C:\Users\DSJ\Documents\CyberLink
2015-04-18 08:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-04-17 20:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 20:04 - 2014-12-13 20:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 20:04 - 2014-11-29 15:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2015-04-16 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-04-16 00:59 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-15 23:19 - 2015-01-04 02:50 - 00000000 ____D () C:\Users\DSJ\Downloads\LIQUID
2015-04-15 01:01 - 2014-12-05 02:59 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 00:37 - 2014-11-29 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:33 - 2014-11-29 14:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 21:11 - 2014-11-29 12:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 09:38 - 2015-01-14 03:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-01-14 03:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-01-14 03:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 00:24 - 2015-03-13 19:48 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:24 - 2015-03-13 19:48 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-07 22:38 - 2015-02-04 21:31 - 00000000 ____D () C:\Users\DSJ\Downloads\GARAGE 1
2015-04-07 21:34 - 2014-12-14 00:20 - 00000000 ____D () C:\Users\DSJ\Downloads\Troy

Some content of TEMP:
====================
C:\Users\DSJ\AppData\Local\Temp\BullGuard Antivirus Setup.exe
C:\Users\DSJ\AppData\Local\Temp\Extract.exe
C:\Users\DSJ\AppData\Local\Temp\SP63888.exe
C:\Users\DSJ\AppData\Local\Temp\SP64339.exe
C:\Users\DSJ\AppData\Local\Temp\SP65782.exe
C:\Users\DSJ\AppData\Local\Temp\SP66495.exe
C:\Users\DSJ\AppData\Local\Temp\SP66941.exe
C:\Users\DSJ\AppData\Local\Temp\SP67149.exe
C:\Users\DSJ\AppData\Local\Temp\SP67280.exe
C:\Users\DSJ\AppData\Local\Temp\SP68055.exe
C:\Users\DSJ\AppData\Local\Temp\SP68373.exe
C:\Users\DSJ\AppData\Local\Temp\SP68376.exe
C:\Users\DSJ\AppData\Local\Temp\SP69229.exe
C:\Users\DSJ\AppData\Local\Temp\SP69393.exe
C:\Users\DSJ\AppData\Local\Temp\SP69401.exe
C:\Users\DSJ\AppData\Local\Temp\SP69404.exe
C:\Users\DSJ\AppData\Local\Temp\SP69486.exe
C:\Users\DSJ\AppData\Local\Temp\SP69718.exe
C:\Users\DSJ\AppData\Local\Temp\SP69886.exe
C:\Users\DSJ\AppData\Local\Temp\SP70439.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 09:52

==================== End Of Log ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by DSJ at 2015-05-06 23:25:36
Running from C:\Users\DSJ\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1397891646-1993758957-1736882376-500 - Administrator - Disabled)
DSJ (S-1-5-21-1397891646-1993758957-1736882376-1002 - Administrator - Enabled) => C:\Users\DSJ
Guest (S-1-5-21-1397891646-1993758957-1736882376-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1397891646-1993758957-1736882376-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-1397891646-1993758957-1736882376-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9870 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA Graphics Driver 332.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Horizon Client (HKLM\...\{936DD031-2978-4374-842C-D18E92F9DFB5}) (Version: 3.2.0.24246 - VMware, Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1397891646-1993758957-1736882376-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DSJ\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

22-04-2015 10:43:03 Scheduled Checkpoint
27-04-2015 15:24:23 HPSF Applying updates
04-05-2015 15:26:59 HPSF Applying updates
06-05-2015 21:02:46 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
06-05-2015 21:03:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0853B619-8669-4441-9ACA-11668982B1F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {09DE9FA2-DEE4-4240-B019-605270C6F04E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ENVY-DSJ Envy => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {145B8788-EB44-4716-B0C4-D00F17169342} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {1A57ABCB-3656-484D-B246-AA9ADA47DD13} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {2282B8D8-8E71-4ECE-91BF-86EA51C73F1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {22940ECD-F656-4A6A-8CA2-1F79D67013FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {2770BF09-41D1-46B2-95A2-5EB11CBBFDEA} - System32\Tasks\HPCeeScheduleForDSJ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {28838976-D691-48A3-A52A-90CA3B81188F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {3D70E79F-22E8-4CC4-82BD-29191173D5D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4F43EFAD-2A2E-4900-AFCB-286940724A9B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1397891646-1993758957-1736882376-1002
Task: {682AD41F-8CF8-46D9-9910-92D502FCD458} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {7578C3B6-1D9C-41A2-A5B6-AEE72578549F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {93848900-8F48-4332-AD79-C07C3F2F39DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9B0F0CED-074B-4776-924E-3C88AF2ABC99} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {9CE451D3-F87B-4EBA-8406-FFF3DC210877} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {B05390C7-BD0A-427D-92FE-2E3CE1BF1210} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-29] ()
Task: {D137E098-B9DC-4D54-A8A4-4F43432BEA8F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated)
Task: {D6B45671-071D-492F-A3E6-E105D6856E41} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {E4C6303C-6690-428A-AAF3-211356B75FA1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1397891646-1993758957-1736882376-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {F7AAE181-D361-4669-8462-F75400C54DCA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F8E5DB2D-9E0A-4B03-B17A-4F35B615939F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {FF9E55AB-4C1A-47F5-BE1C-BC6FE85E70DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDSJ.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-25 00:11 - 2014-01-06 09:13 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-12-03 22:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-20 10:35 - 2014-11-20 10:35 - 00225976 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2014-11-20 11:24 - 2014-11-20 11:24 - 03649720 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2013-08-12 19:06 - 2013-08-12 19:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 19:06 - 2013-08-12 19:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 19:06 - 2013-08-12 19:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-03-13 05:41 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-11-29 20:23 - 2014-11-29 20:23 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-11-20 10:30 - 2014-11-20 10:30 - 01147064 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2014-06-25 00:11 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-14 03:50 - 2014-07-24 04:03 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-01-14 03:50 - 2014-04-17 07:35 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2015-01-14 03:50 - 2014-07-24 04:03 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2015-05-06 23:08 - 2015-05-06 23:08 - 00012800 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00009728 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00014848 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\src\rgloader\rgloader193.mswin.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00009216 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00126976 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00087552 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00016384 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00127316 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\bin\libffi-6.dll
2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00013312 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00095744 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00026624 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr332C.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00012800 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00009728 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00014848 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\src\rgloader\rgloader193.mswin.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00094208 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00118784 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00069120 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00083968 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\bin\zlib1.dll
2015-05-06 23:08 - 2015-05-06 23:08 - 00026624 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00275968 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00015360 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00008192 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00009216 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00023552 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00008704 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00036352 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00126976 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00087552 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00016384 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00127316 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\bin\libffi-6.dll
2015-05-06 23:08 - 2015-05-06 23:08 - 00013312 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00095744 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-06 23:08 - 2015-05-06 23:08 - 00026624 _____ () C:\Users\DSJ\AppData\Local\Temp\ocr7D64.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-11-29 20:23 - 2014-11-29 20:23 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-11-29 20:23 - 2014-11-29 20:23 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\DSJ\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1397891646-1993758957-1736882376-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8549AF89-FCF5-430B-A632-E2DD868C6689}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{82BF51C6-96DD-491D-82A3-AA786B0F8C61}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{9F1F95FF-741B-458E-8C4E-DB137CA9AB87}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{8ADB0884-BBD4-4EAF-9875-C1E545A4B287}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{69E0526E-987B-442E-876B-41904714BBB3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{4A4835F1-03F2-48DE-93BB-2C5BBB6BDD56}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{BA3E65E2-E073-4D4A-A7D1-51EE69D87D9F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FD3D04E1-9694-485B-A6D0-4C8E7D007EBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{418C3FBD-B958-44E8-9D87-0073B2987734}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CBF54CC-5C84-4986-9B20-E79BC286EB94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3C79DB6-3274-4688-87F6-3C0D74C17782}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B698669-8927-4DA7-A7F6-8C29182BF736}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29A0DBD2-D109-4E63-9C8E-1AC9A894341C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{82A918AD-5BB1-49EA-8D13-E93BAD2AF623}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A9C5F99B-D23F-43CE-878D-16D99049F5CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3DE59EEB-14DF-4EB0-8788-716D62DCF673}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{B1313190-E5EB-4A95-815C-0D1C15659A63}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{263DC978-A7A5-4FB5-9269-371A831D757B}] => (Allow) C:\Users\DSJ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BB52BBA4-CD37-409C-B37D-9B701CAABE13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{674D6A8E-4DE6-490E-AB5B-F29875A08206}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3566FAF5-B067-4A32-8594-C33319938872}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{4FE63317-8FD2-4395-A19B-F98D554BA06B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{E9B0CB20-F311-42DF-8986-A1200475A0D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{584B5253-1639-4A09-901A-EADD01FA8AB5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7E712FD7-C1C3-4FD6-A64B-1256DE224396}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01207DA6-695F-4490-85F2-3319DDF48523}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{468885DE-3D6B-490B-B12F-98FE56EA8219}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{7B4A1379-C097-4887-9897-FA1CB4D0E657}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{31DDB16C-0FEB-4E92-806A-69F7A60D51B6}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{C4824281-6E93-4F85-9352-180857E3B2F6}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{B12EB976-9CFD-4E22-BF73-55D0380A45C1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{424C4C77-DE84-4159-ABBF-B5372C6A1D95}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{F7DE17CA-FE05-45E1-8F49-355FFAC25F21}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{5DA883B8-5891-4895-886A-DEFB87E7B244}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [TCP Query User{643E4AA0-EB05-4725-BD79-042645A31FDF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CCF0D5B0-5637-4CF3-93FA-EBEC9B8AAA5F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{92636D51-448F-4244-B759-863696484044}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{6DAFD6E7-DDC9-4136-B232-C5D8C5B25F29}C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe] => (Block) C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe
FirewallRules: [UDP Query User{EB3CA087-9FD4-48F0-A15A-4C8EE1483E5E}C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe] => (Block) C:\users\dsj\appdata\roaming\bittorrent\updates\7.9.2_38657.exe
FirewallRules: [{7963F5E8-2147-45E1-BA0D-B1714BFAB16D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Link in Compliance Mode)
Description: Unknown USB Device (Link in Compliance Mode)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11250

Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11250

Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/06/2015 10:36:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BullGuard.exe version 15.0.0.137 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 519c

Start Time: 01d0883835a48dbe

Termination Time: 4294967295

Application Path: C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

Report Id: fd1357b1-f437-11e4-8279-40e230153638

Faulting package full name:

Faulting package-relative application ID:

Error: (05/06/2015 10:34:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5728

Start Time: 01d08844442b8947

Termination Time: 4294967295

Application Path: C:\Windows\system32\wwahost.exe

Report Id: b23fcff1-f437-11e4-8279-40e230153638

Faulting package full name: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexNews

Error: (05/06/2015 10:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ENVY)
Description: Package Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe+AppexNews was terminated because it took too long to suspend.

Error: (05/06/2015 09:43:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3204

Start Time: 01d0883ab9e1513b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ae686dcd-f42e-11e4-8279-40e230153638

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 09:39:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BullGuard.exe version 15.0.0.137 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 519c

Start Time: 01d0883835a48dbe

Termination Time: 60000

Application Path: C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

Report Id: de6a39b0-f42f-11e4-8279-40e230153638

Faulting package full name:

Faulting package-relative application ID:

Error: (05/06/2015 09:15:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/06/2015 07:44:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ff8

Start Time: 01d07e738ae36f27

Termination Time: 20

Application Path: C:\Windows\system32\wwahost.exe

Report Id: e0bc063d-f41f-11e4-8279-40e230153638

Faulting package full name: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexNews


System errors:
=============
Error: (05/06/2015 09:22:41 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR13.

Error: (05/06/2015 07:28:24 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (05/04/2015 09:38:40 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: F:\Device\HarddiskVolume143

Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/03/2015 02:22:46 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/02/2015 01:22:05 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.


Microsoft Office Sessions:
=========================
Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11250

Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11250

Error: (05/06/2015 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/06/2015 10:36:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BullGuard.exe15.0.0.137519c01d0883835a48dbe4294967295C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exefd1357b1-f437-11e4-8279-40e230153638

Error: (05/06/2015 10:34:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415572801d08844442b89474294967295C:\Windows\system32\wwahost.exeb23fcff1-f437-11e4-8279-40e230153638Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbweAppexNews

Error: (05/06/2015 10:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ENVY)
Description: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe+AppexNews

Error: (05/06/2015 09:43:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689320401d0883ab9e1513b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeae686dcd-f42e-11e4-8279-40e230153638microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 09:39:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BullGuard.exe15.0.0.137519c01d0883835a48dbe60000C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exede6a39b0-f42f-11e4-8279-40e230153638

Error: (05/06/2015 09:15:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (05/06/2015 07:44:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415ff801d07e738ae36f2720C:\Windows\system32\wwahost.exee0bc063d-f41f-11e4-8279-40e230153638Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbweAppexNews


CodeIntegrity Errors:
===================================
Date: 2015-05-06 23:05:07.362
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-17 19:03:45.711
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 05:12:49.524
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-22 05:12:40.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-15 11:16:36.887
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-01 03:24:22.779
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-25 19:18:39.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-23 19:26:28.640
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-17 19:49:46.274
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-13 19:21:41.097
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 8124.02 MB
Available physical RAM: 5806.55 MB
Total Pagefile: 9404.02 MB
Available Pagefile: 6843.03 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.22 GB) (Free:337.01 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.27 GB) (Free:2.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Hi Broni, thanks for responding!


Rkreport.txt



RogueKiller V10.6.2.0 [May 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : DSJ [Administrator]
Started from : C:\Users\DSJ\Downloads\RogueKiller.exe
Mode : Delete -- Date : 05/10/2015 11:58:06

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-1EJ164-SSHD +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 932065 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1910996992 | Size: 20760 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05102015_115800.log
 
Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/05/2015
Scan Time: 12:02:40
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.10.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: DSJ

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454961
Time Elapsed: 21 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Adwcleaner

# AdwCleaner v4.203 - Logfile created 10/05/2015 at 15:21:26
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : DSJ - ENVY
# Running from : C:\Users\DSJ\Downloads\adwcleaner_4.203(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 en-GB)


*************************

AdwCleaner[R0].txt - [728 bytes] - [10/05/2015 15:18:04]
AdwCleaner[R1].txt - [789 bytes] - [10/05/2015 15:20:40]
AdwCleaner[S0].txt - [715 bytes] - [10/05/2015 15:21:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [773 bytes] ##########
 
Junkware removal

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 8.1 x64
Ran by DSJ on 10/05/2015 at 15:26:28.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1390891756-1648730143-2729982792-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1397891646-1993758957-1736882376-1002
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1397891646-1993758957-1736882376-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3076284122-610256514-454173331-500



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/05/2015 at 15:28:18.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Just an update on how the computer is performing now: I haven't experienced the phantom touch screen touches since I first made this thread, but on the day it was very bad... I'm not getting any more pop-ups from opening new windows etc.

Overall performance is good, but if the phantom ghost touches come back I'll be sending the laptop back to HP as it will be an obvious hardware issue with the touchscreen.

Thanks for your help Broni - if there's anything else you need me to do please let me know.

Thanks.
 
Good :)

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 