To start, let me say I have been a Pro User for many years now and MBAM has been great for me! Now, the problem I have is that several days ago I noticed an IE version 5.5 in my Add/Remove Programs, so I removed it through Add/Remove Programs. I can't say why it was there, because I am quite sure I look at my Add/Remove Programs regularly and it never really stood out to me as ever being there. Nonetheless, I am not able to load Slickdeals.net except very slowly, and then if I try to log into that account it may take my password maybe 1 out of 20 tries. Using IE10 or Firefox I have the same issue; mainly it will say something like "reset connection". I have tried adding it to the whitelist on MBAM and also to Bitdefender, with no resolution. The thing that really stood out to me today was that, when trying to load the slickdeals.net site (only tab open), MBAM popped up a little window on the bottom right of my screen and stated something about an attempt being made to connect to ccbidder.tlvmedia.com/IP=184.173.133.194 on port 57516 type=outbound from the process c:\programfiles(x86.. ffirefox.exe.

Below are my Farbar files you requested.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Graveyard Gulch (administrator) on GRAVEYARDGULCH on 02-06-2015 23:32:56
Running from C:\BackupsToSave\ThirdPartySoftware\VirusSecurityChecking\Malwarebytes'AntiMalware-SCB
Loaded Profiles: Graveyard Gulch (Available Profiles: Graveyard Gulch)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-03-20] (Bitdefender)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.)
HKLM-x32\...\Run: [PhoneTray] => C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe [445680 2009-12-19] ()
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\Run: [QuickenBillminder] => C:\Program Files (x86)\Quicken\Billmind.exe [26840 2015-03-23] (Intuit Inc.)
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-11] (Bitdefender)
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\Run: [iSUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-22] (Siber Systems)
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [593408 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2013-10-25]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-4260279203-867925444-1809286272-1001 -> DefaultScope {7A2F0001-3B60-4A57-9033-26874D375E93} URL =
SearchScopes: HKU\S-1-5-21-4260279203-867925444-1809286272-1001 -> {7A2F0001-3B60-4A57-9033-26874D375E93} URL =
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-11] (Bitdefender)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-22] (Siber Systems Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-11] (Bitdefender)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-22] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-22] (Siber Systems Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-11] (Bitdefender)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-22] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-11] (Bitdefender)
Toolbar: HKU\S-1-5-21-4260279203-867925444-1809286272-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-22] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-4260279203-867925444-1809286272-1001 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-11] (Bitdefender)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26

FireFox:
========
FF ProfilePath: C:\Users\Graveyard Gulch\AppData\Roaming\Mozilla\Firefox\Profiles\khtpp3hs.default-1433133393718
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [2013-10-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [2013-10-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-10-22]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-15] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-20] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 ATIAVPCI; C:\Windows\system32\DRIVERS\atinavrr.sys [1336064 2008-05-15] (ATI Technologies Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-11] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-11] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-11] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-11] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-11] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-03-20] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-01-16] ()
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-30] (BitDefender S.R.L.)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 23:32 - 2015-06-02 23:32 - 00000000 ____D () C:\FRST
2015-06-02 14:58 - 2015-06-02 14:58 - 00000000 ___RD () C:\Users\Graveyard Gulch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-02 14:56 - 2015-06-02 14:56 - 00001204 _____ () C:\Windows\PFRO.log
2015-06-02 13:13 - 2015-06-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-06-02 01:08 - 2015-06-02 01:08 - 00397086 _____ () C:\Users\Graveyard Gulch\Desktop\IEDiag.cab
2015-06-01 15:31 - 2015-06-01 15:31 - 00000000 _____ () C:\cookies.sqlite
2015-06-01 14:39 - 2015-06-01 14:39 - 00000277 _____ () C:\Users\Graveyard Gulch\Desktop\Fake player update @ Hulu got me, now I'm ridin' dirty. Free Malware Removal Forum.URL
2015-05-31 23:36 - 2015-05-31 23:36 - 00000000 ____D () C:\Users\Graveyard Gulch\Desktop\Old Firefox Data
2015-05-29 16:59 - 2015-05-29 16:59 - 00000328 _____ () C:\Users\Graveyard Gulch\Desktop\Amazon.com TMS® Ac Freon Manifold Gauge Tool R22 R404a R134a 60 Hose Wquick Connector Adapter Automotive.URL
2015-05-27 20:59 - 2015-05-27 20:59 - 00000251 _____ () C:\Users\Graveyard Gulch\Desktop\compressor turns on and off - Ford Explorer and Ranger Forums Serious Explorations®.URL
2015-05-25 14:19 - 2015-05-25 14:19 - 00000235 _____ () C:\Users\Graveyard Gulch\Desktop\▶ AC System Repair Ford Ranger & Mazda B-series How To - YouTube.URL
2015-05-23 01:18 - 2015-05-23 01:18 - 00000282 _____ () C:\Users\Graveyard Gulch\Desktop\Reuse an old router to bridge devices to your wireless network - CNET.URL
2015-05-21 15:38 - 2015-05-21 15:38 - 00001216 _____ () C:\Users\Graveyard Gulch\Desktop\I.R.I.S. Resource Center.lnk
2015-05-21 15:29 - 2015-05-21 15:29 - 01985341 _____ () C:\Users\Public\Documents\Anniversary.pra
2015-05-21 14:53 - 2015-05-21 14:50 - 00333761 _____ () C:\Users\Public\Documents\B&HHyperdriveiUSBCameraTX.prn
2015-05-19 12:55 - 2015-04-08 17:05 - 00410336 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-19 12:55 - 2015-03-27 03:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2015-05-16 02:54 - 2015-05-16 03:07 - 00000000 ____D () C:\Users\Graveyard Gulch\Documents\ResScan
2015-05-16 02:54 - 2015-05-16 02:54 - 00000000 ____D () C:\ProgramData\ResMed
2015-05-16 02:53 - 2015-05-16 02:53 - 00002115 _____ () C:\Users\Public\Desktop\ResScan.lnk
2015-05-16 02:53 - 2015-05-16 02:53 - 00000000 ____D () C:\Users\Public\Documents\ResMed
2015-05-16 02:53 - 2015-05-16 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ResMed
2015-05-16 02:53 - 2015-05-16 02:53 - 00000000 ____D () C:\Program Files (x86)\ResMed
2015-05-16 02:49 - 2015-05-16 02:49 - 00000000 ____D () C:\ProgramData\{2AD767F8-BAFA-4BDA-B3FC-0B21ECCB71FB}
2015-05-16 01:37 - 2015-05-16 01:37 - 00001033 _____ () C:\Users\Graveyard Gulch\Desktop\SleepyHead.exe - Shortcut.lnk
2015-05-15 19:37 - 2015-05-15 20:54 - 00000000 ____D () C:\Users\Graveyard Gulch\Documents\SleepyHeadData-Testing
2015-05-15 15:50 - 2015-05-15 15:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-15 15:12 - 2015-05-15 15:12 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Local\Epic
2015-05-15 14:45 - 2015-04-08 15:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-15 14:43 - 2015-04-08 19:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-15 14:43 - 2015-04-08 19:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-15 14:43 - 2015-04-08 19:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-13 14:48 - 2015-05-13 14:48 - 00000255 _____ () C:\Users\Graveyard Gulch\Desktop\SHIELD Series RSCM-0704B042 - 4-Channel, H.264-Level DVR Surveillance Kit + Four 700TVL Cameras - Night Vision Up to 65 Feet.URL
2015-05-13 13:59 - 2015-04-30 08:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:59 - 2015-04-30 08:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 13:56 - 2015-04-21 09:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 13:56 - 2015-04-21 09:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 13:56 - 2015-04-21 08:53 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 13:56 - 2015-04-21 08:53 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 13:56 - 2015-04-21 08:53 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 13:56 - 2015-04-21 08:52 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 13:56 - 2015-04-21 08:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 13:56 - 2015-04-17 21:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 13:56 - 2015-04-17 21:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 13:39 - 2015-04-13 00:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:39 - 2015-04-13 00:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:39 - 2015-04-12 23:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:39 - 2015-04-12 22:25 - 04063744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:36 - 2015-05-02 01:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 13:36 - 2015-05-01 22:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:36 - 2015-05-01 22:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:36 - 2015-04-13 17:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 13:28 - 2015-04-13 00:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 13:32 - 2015-05-12 14:13 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Roaming\Millisecond Software
2015-05-06 23:42 - 2015-03-04 01:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-06 23:42 - 2015-03-04 01:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-06 23:42 - 2015-03-04 01:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-06 23:42 - 2015-03-03 23:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-06 23:42 - 2015-03-03 23:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-06 23:42 - 2015-02-18 02:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-06 23:42 - 2015-02-18 02:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 23:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2015-06-02 15:31 - 2013-10-22 21:09 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Local\CrashDumps
2015-06-02 15:31 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-02 15:16 - 2013-09-30 15:50 - 01645399 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 15:03 - 2012-07-26 02:28 - 00866666 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-02 14:59 - 2014-09-30 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-02 14:59 - 2013-10-22 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 14:58 - 2014-06-13 00:20 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 14:58 - 2013-12-30 23:09 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2015-06-02 14:57 - 2013-09-30 15:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-06-02 14:57 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 14:57 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-06-02 14:56 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\Web
2015-06-02 03:17 - 2014-09-21 13:44 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Local\Adobe
2015-06-02 02:59 - 2013-10-25 15:58 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Roaming\vlc
2015-06-02 02:58 - 2014-09-15 23:22 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-06-01 15:37 - 2014-12-08 20:17 - 00000000 ___DC () C:\Users\Graveyard Gulch\AppData\Local\MigWiz
2015-06-01 15:37 - 2013-11-24 17:04 - 00000000 ____D () C:\Windows\Minidump
2015-06-01 15:37 - 2013-10-27 21:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-29 14:26 - 2014-12-20 15:29 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C27147E8-20DD-46F4-9E95-7867E780EF3A}
2015-05-27 16:16 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-25 14:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-05-22 12:28 - 2013-10-22 13:29 - 00004176 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2015-05-22 12:28 - 2013-10-22 13:29 - 00003524 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2015-05-22 12:28 - 2013-10-22 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-05-21 15:34 - 2014-04-14 00:06 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Roaming\HpUpdate
2015-05-19 12:55 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-18 15:44 - 2013-10-25 15:50 - 00001103 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2015-05-18 14:32 - 2013-10-25 15:51 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-05-15 16:26 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2015-05-15 14:45 - 2014-08-19 13:12 - 00000000 ____D () C:\temp
2015-05-15 14:45 - 2014-05-11 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-15 14:44 - 2013-09-30 15:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-15 14:26 - 2015-03-12 14:03 - 00558888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 14:25 - 2013-10-29 19:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 14:25 - 2013-10-29 19:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 14:20 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 20:26 - 2013-10-22 22:52 - 00000000 ____D () C:\BackupsToSave
2015-05-13 20:03 - 2013-10-22 20:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4260279203-867925444-1809286272-1001
2015-05-13 14:04 - 2013-10-22 22:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 14:03 - 2013-10-22 12:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 14:00 - 2013-10-22 12:40 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 13:58 - 2013-10-29 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 14:12 - 2013-10-29 15:16 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Local\Deployment
2015-05-09 19:35 - 2013-10-22 22:30 - 00000000 ____D () C:\Users\Graveyard Gulch\AppData\Local\Microsoft Help
2015-05-08 17:03 - 2014-06-13 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 17:03 - 2014-06-13 00:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-08 17:03 - 2013-10-22 22:49 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 16:45 - 2014-05-11 22:45 - 00001379 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-05 12:49 - 2012-07-26 03:14 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 12:49 - 2012-07-26 03:14 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-02-03 02:43 - 2014-02-03 02:43 - 0000071 _____ () C:\Users\Graveyard Gulch\AppData\Roaming\Camdata.ini
2014-02-03 02:43 - 2014-02-03 02:43 - 0000408 _____ () C:\Users\Graveyard Gulch\AppData\Roaming\CamLayout.ini
2014-02-03 02:43 - 2014-02-03 02:43 - 0000408 _____ () C:\Users\Graveyard Gulch\AppData\Roaming\CamShapes.ini
2014-02-03 02:43 - 2014-02-03 02:43 - 0004416 _____ () C:\Users\Graveyard Gulch\AppData\Roaming\CamStudio.cfg
2013-10-27 13:56 - 2013-10-27 13:56 - 0000103 _____ () C:\Users\Graveyard Gulch\AppData\Local\fusioncache.dat
2013-10-25 15:51 - 2015-05-18 14:32 - 0000083 ___SH () C:\ProgramData\.zreglib
2014-09-15 12:12 - 2014-09-15 12:12 - 1615596 _____ () C:\ProgramData\1410795049.bdinstall.bin
2014-12-29 23:55 - 2014-12-29 23:55 - 3416158 _____ () C:\ProgramData\1419900967.bdinstall.bin
2015-01-04 16:13 - 2015-01-04 16:13 - 0098523 _____ () C:\ProgramData\1420406007.bdinstall.bin
2015-03-05 21:23 - 2015-03-05 21:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-07 01:44 - 2014-12-07 01:44 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-04 16:08 - 2015-01-04 16:08 - 0000032 _____ () C:\ProgramData\Temp.log
2013-09-30 16:19 - 2013-09-30 16:19 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-09-30 16:17 - 2013-09-30 16:17 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-09-30 16:17 - 2013-09-30 16:18 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-09-30 16:16 - 2013-09-30 16:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-09-30 16:18 - 2013-09-30 16:19 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Users\Graveyard Gulch\en_res.dll
C:\Users\Graveyard Gulch\es_res.dll
C:\Users\Graveyard Gulch\fr_res.dll
C:\Users\Graveyard Gulch\grm_res.dll
C:\Users\Graveyard Gulch\it_res.dll
C:\Users\Graveyard Gulch\jp_res.dll
C:\Users\Graveyard Gulch\mfc80u.dll
C:\Users\Graveyard Gulch\msvcr80.dll
C:\Users\Graveyard Gulch\PCPE Setup.exe
C:\Users\Graveyard Gulch\pt_res.dll
C:\Users\Graveyard Gulch\ResourceReader.dll
C:\Users\Graveyard Gulch\ru_res.dll
C:\Users\Graveyard Gulch\zh_res.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-02 03:55

==================== End of log ============================

 

Farbar Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Graveyard Gulch at 2015-06-02 23:33:19
Running from C:\BackupsToSave\ThirdPartySoftware\VirusSecurityChecking\Malwarebytes'AntiMalware-SCB
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4260279203-867925444-1809286272-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4260279203-867925444-1809286272-1003 - Limited - Enabled)
Graveyard Gulch (S-1-5-21-4260279203-867925444-1809286272-1001 - Administrator - Enabled) => C:\Users\Graveyard Gulch
Guest (S-1-5-21-4260279203-867925444-1809286272-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Premiere Elements 4.0 (HKLM-x32\...\PremElem40) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 4.0 Templates (HKLM-x32\...\PremElem40Templates) (Version: 4.0.0 - Adobe Systems Incorporated)
Alarm (HKLM-x32\...\Alarm_is1) (Version: 2.0.7 - Bluefive software)
AMD Catalyst Install Manager (HKLM\...\{567D38C3-15B4-B00B-86C1-7B11AB252A4B}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.0.0 - SlySoft)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.14.0.1088 - Bitdefender)
Calendar Printing Assistant for Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Call of Duty® 4 - Modern Warfare (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision)
Call of Duty® 4 - Modern Warfare (x32 Version: 1.6 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CHIRP (HKLM-x32\...\CHIRP) (Version:  - )
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell System Detect (HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DeLorme Topo North America 9.0 (HKLM-x32\...\{CA2AB87D-77FC-413E-A672-E7B9590BB762}) (Version: 9.100.14857 - DeLorme Publishing)
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Index.dat Suite (HKLM-x32\...\{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1) (Version: 2.11.0 - Ur I.T. Mate Group)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Outlook Personal Folders Backup (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Office Printing Essentials (HKLM-x32\...\{49501F7D-99A9-46E8-AECF-7ABFD90823EE}) (Version: 1.0.0.3 - Nova Development)
PhoneTray Free (HKLM-x32\...\PhoneTray) (Version: 1.35 - Traysoft Inc.)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version:  - Jan Fiala)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.5.11 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
ResScan (HKLM-x32\...\{576614CB-8AAE-467B-B019-1BA3CFCBFFDA}) (Version: 5.4 - ResMed Ltd)
RoboForm 7-9-13-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
Roxio Activation Module (HKLM-x32\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator Premier (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio EasyArchive (HKLM-x32\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.5.0 - Roxio)
Roxio Express Labeler (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2 - Roxio)
Roxio MyDVD Premier (HKLM-x32\...\{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}) (Version: 9.1.573 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
RW-Everything v1.6.6.1 (HKLM\...\RW-Everything_is1) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SleepyHead version 0.9.3 (HKLM-x32\...\{429228B9-3CB2-47DA-A772-E6FBD05FD3D2}_is1) (Version: 0.9.3 - SleepyHead)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM-x32\...\Steam App 225020) (Version:  - Core Design)
Tomb Raider I (HKLM-x32\...\Steam App 224960) (Version:  - Core Design)
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM-x32\...\Steam App 225000) (Version:  - Core Design)
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM-x32\...\Steam App 224980) (Version:  - Core Design)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics Inc.)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TVT7Diag64 (Version: 1.10 - ATI Technologies Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-05-2015 03:00:17 Windows Backup
24-05-2015 03:10:11 Scheduled Checkpoint
24-05-2015 12:10:51 Windows Backup
31-05-2015 03:00:16 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D1DED15-D918-4776-9B9E-B926718D9C3D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {8250B254-DA0C-4347-A28E-548ACBE7DF9B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {844B8462-9A50-45E2-890F-E79B27CA042C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {8B16D1EA-0305-4593-8EC6-19EBD672CBD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26] (Google Inc.)
Task: {91A49505-F905-403A-B0AA-67BEC46FCF15} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {95845BED-54FA-469A-84AE-E8B3E64EBF87} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {ADB042B0-D91F-4157-8A24-D1288EDAFCD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26] (Google Inc.)
Task: {B72600B3-8929-4598-8989-27A0E6A30059} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-05-22] (Siber Systems)
Task: {D094E427-1A34-4554-8647-B313EFF4E0EA} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMMJPMHMOMIMJMGMMJCNLMOJGMPMCNLMIMOMJJCNNJOJNJHMCNOJIMLJNMGMGMMJPMNJOJMMNJJNJICMIMCNGMCNOMMMFMOMPMCNPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMOMFMEKMICNJJCKFMKMIMJMJNHICMEKMICNJJCKJNBJCMIKGJDJDJPNLKHJAJNILIAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMLMFMOMNMHMFMJMLMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {DB172DD2-53ED-436F-B0C7-746B9AA44BBD} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe
Task: {DD9758C2-5366-4512-BCE2-B0E8D33B6E97} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {DE223954-1D92-4EF1-ACD1-0B4FAA101C3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe6C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-15 12:19 - 2014-09-15 12:19 - 00265080 ____N () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-29 23:15 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-29 23:26 - 2014-12-17 15:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-29 23:20 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-06 05:53 - 2015-05-06 05:53 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpbr.mdl
2015-05-06 05:53 - 2015-05-06 05:53 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpdsp.mdl
2015-05-06 05:53 - 2015-05-06 05:53 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpph.mdl
2015-05-06 05:53 - 2015-05-06 05:53 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttprbl.mdl
2013-09-30 15:50 - 2015-04-08 16:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-04 23:40 - 2012-12-04 21:33 - 02672128 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL
2013-11-06 22:30 - 2012-12-04 21:33 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030GC.dll
2015-02-03 23:08 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-12-28 15:39 - 2012-12-28 15:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 15:36 - 2012-12-28 15:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 15:41 - 2012-12-28 15:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2012-12-28 15:42 - 2012-12-28 15:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2009-12-19 22:22 - 2009-12-19 22:22 - 00445680 _____ () C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
2015-04-07 18:37 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-02-03 23:05 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-11 23:44 - 2013-01-24 07:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-07-25 18:29 - 2012-07-25 22:06 - 00924672 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Graveyard Gulch\Desktop\FXST30.dll:BDU
AlternateDataStreams: C:\Users\Graveyard Gulch\Downloads\WindowsUpgradeAssistant.exe:BDU
AlternateDataStreams: C:\Users\Graveyard Gulch\Downloads\XPS-8700_Chipset_Driver_21Y1M_WN_9.4.0.1016_A00.EXE:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\amazon.com -> hxxps://www.amazon.com
IE trusted site: HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\paypal.com -> hxxps://www.paypal.com
IE trusted site: HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\slickdeals.net -> hxxps://slickdeals.net
IE trusted site: HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\univoxcommunity.com -> hxxps://www.univoxcommunity.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4260279203-867925444-1809286272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Graveyard Gulch\Pictures\BigFlatHomecoming\DUB_6589.JPG
DNS Servers: 192.168.0.1 - 205.171.3.26

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "APC UPS Status.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Samsung Drive Manager Real-Time.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "dldomon.exe"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "PhoneTray"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "Dell 968 AIO Printer"
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\StartupApproved\Run: => "Bitdefender Wallet Application Agent"
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\StartupApproved\Run: => "Bitdefender Wallet Agent"
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-4260279203-867925444-1809286272-1001\...\StartupApproved\Run: => "QuickenBillminder"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{DFA07598-5A98-4F86-B451-EA975BB1EE2C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CED81AF2-0AE0-416E-B601-A2855DB61DA7}] => (Allow) LPort=2869
FirewallRules: [{A5921214-373C-4EBB-8979-2CF4CED78FD1}] => (Allow) LPort=1900
FirewallRules: [{5CA1325B-41BE-4646-9764-88D626874E4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{8ADBB96F-F215-4D44-813B-E6123CF6A596}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{1E8C0A12-B0A6-4FE8-BB29-705CD1B31B47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3EFE36CE-DDF7-4758-A980-639B69F697CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C704052C-E0CA-409B-BCB5-936898A3A941}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (I)\dosbox.exe
FirewallRules: [{0DAC77F0-52D1-4046-A0E4-FCCF810EF0B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (I)\dosbox.exe
FirewallRules: [{025A8AC3-2202-44E5-AA17-C977077C389F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe
FirewallRules: [{68452BDB-E0EA-467F-9115-7DFCF15F1D54}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe
FirewallRules: [{C920E851-4CFC-467B-A89E-301F342B1416}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (II)\Tomb2.exe
FirewallRules: [{A601A88E-A254-4F58-A037-31C5CEAFBAA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (II)\Tomb2.exe
FirewallRules: [{5625FB55-4D17-433D-BFC2-39C8C3D733C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{A13A4123-80D4-4D4D-9A76-45D83E009827}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{E5B61E42-5A35-4523-AD0B-EF4522F064DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{10F5E44B-914A-4BD8-8967-0C42DB513CF5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{8ECD672E-8ED7-4C7C-B90A-DB0B5003D780}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{F9121DCA-7902-4D56-B2A7-9D1DBA691A1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{F9E4359D-AD0F-47A6-906E-4DB5492C581E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{9CDCF0DD-19A1-4FCC-B832-1E01F37E65E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{6BB54D17-7D57-497D-B180-4FA01F873EA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (V) Chronicles\PCTomb5.exe
FirewallRules: [{5F3ABF21-72CE-4A7B-8D49-022831D601CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (V) Chronicles\PCTomb5.exe
FirewallRules: [{B8495A16-F065-4391-ACDF-804D3A4A0DAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{7BFDD024-CAF2-4F8A-B417-BB95AE3D1534}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{B7ADB4AC-6006-4387-B930-1D70538EADD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{106CDF31-D092-4059-9E56-3F56BB7E7B61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{715DBC21-144F-44DF-A0EA-E146D6D75276}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{4F297C30-3A32-4CF1-BB26-5BE1B8549ABC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{29CFD6E7-E303-403D-9941-D785CA3F390D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{EC4DD313-5027-4AB3-B571-CC3F50F5B3C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{04E2AE4F-768B-4A2F-BFD9-731F7FEBF79A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{406DEC79-D46A-43CE-A634-516214663DFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{FBEE17CD-B6E4-4A66-B27F-301E7744AF0E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{A5219127-6F8B-4211-8399-61C6636AF5B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{AECA4C70-2207-4179-BD71-28192C039CBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{9896C9DE-A085-49F6-8A08-6AF124B980B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3CB7EB50-9E32-45EA-BD57-E533E8AD2250}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C21815AA-D302-439A-90FF-23F2A4818F45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8ECBF7A8-DC9D-4EF3-83DD-6E22558E8B7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4B82DEFC-AE21-447A-8695-A0FA496183D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7312E38E-2E1A-4AD3-ACA6-067E003314FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AB55F475-3B5C-4254-BE96-FF64371237A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C8AD3FA0-45A8-45B3-B80C-7A800AA50AC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{524BF28C-C1F4-4054-87C9-5B713509F82D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{425D6F07-23FB-495E-A555-B2ED98564432}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{5FDC9B82-0EEA-41EE-BC2B-F3E71BBAD32E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{1173AD2E-5480-41F9-90B9-74273421C75F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C06EDF2B-0BDC-428B-9EEA-144A257F6226}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A636B92-B983-4DDC-A5FA-155A93A9A7FA}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{56304038-EDE3-4A72-9DD7-6969EB5970BC}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{515C1DB1-9E42-4D77-8ED7-585972A81EE5}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{137D0E40-5156-419D-BAFD-E020661D6669}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{726982EC-485B-44D1-8FF3-20B23D98A97C}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{44BA818B-C86B-48FD-8991-A882376CDE34}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{E0BECEAA-57FD-4731-8586-D7A70E3BAA53}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3A2B2751-76B6-4788-8957-3F5DE9AF601B}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2DC0F6E6-FABA-4009-87FC-8FA6DA4AB065}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD57DD56-0FF9-437F-8EA0-565AEDD90C51}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D4B40DA-C9B8-4B2B-8C46-899E61710B92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FEE5C9E5-46B3-45BF-8CAB-2119F8111D0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5F611A0F-60D1-41C9-8FB8-40446CAF74A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81D283D1-FEB6-4F95-9296-B4A4159EEFDE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8D5D4AED-8591-4607-A48F-1FCA37FF662E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D42F842-89B6-4B0A-854D-F316AB1EB749}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{60C0296D-F899-4164-B9D6-9EC576449579}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{782C2567-28A2-473A-8417-3D7741919EE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{86B56A14-658E-4B70-8E88-242DD053E81A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{8F0B38AC-F5F6-4838-BE11-B2650B38A1E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{2F7B7996-9E97-4B77-83FB-2278B213AF34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{CE034C53-0FCC-4730-8F5F-55581B7DDC05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{C0F0E255-842D-4833-97F3-FD7926AEB0F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{4BECC725-BFFD-4EAC-B202-05FAE7012FDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{20ED013F-3005-424C-9B39-C4D859398A83}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{169AF33B-0873-4DF0-A7AD-CA7E53D901FB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A12F3889-E6F7-4B97-92D7-824E0225CEE4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{29F02695-ADD8-4A8C-96B4-8BB7C24C7831}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{420A5382-766B-46AC-83E3-AAA7D9905AD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{57D36675-6D5A-4CF7-BF28-C0E802C8507D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1F46BF3D-D8AA-40F8-B4B9-6A887E9A08FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F2C538F-66A3-419A-B5B7-FCB112470408}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9174A2E9-35BA-483E-B92D-95CB78C790FA}] => (Allow) D:\SteamGamesBackUP\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{5B160399-9B4F-46B9-9868-F0EE9300B56B}] => (Allow) D:\SteamGamesBackUP\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{052353C8-E5FA-48C1-AEC3-F5B075A605E6}] => (Allow) D:\SteamGamesBackUP\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{C4CA0C66-80FB-44E1-BD71-DE09F2650F5D}] => (Allow) D:\SteamGamesBackUP\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{D4CC8AF5-2093-463A-B8BE-4C2B2EA0E5D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9D5B3474-B0A5-4900-A47E-B527C1D959B9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{0EE0FD10-4D86-4A84-A005-4B089979ECF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2015 11:31:16 PM) (Source: MsiInstaller) (EventID: 11706) (User: GraveyardGulch)
Description: Product: Roxio MyDVD Premier -- Error 1706.No valid source could be found for product Roxio MyDVD Premier.  The Windows Installer cannot continue.

Error: (06/02/2015 11:30:54 PM) (Source: SideBySide) (EventID: 64) (User: )
Description: Activation context generation failed for "requestedExecutionLevel1".Error in manifest or policy file "requestedExecutionLevel2" on line requestedExecutionLevel3.
The attribute uiaccess is not permitted in this context on element requestedExecutionLevel.

Error: (06/02/2015 11:30:54 PM) (Source: SideBySide) (EventID: 64) (User: )
Description: Activation context generation failed for "requestedExecutionLevel1".Error in manifest or policy file "requestedExecutionLevel2" on line requestedExecutionLevel3.
The attribute uiaccess is not permitted in this context on element requestedExecutionLevel.

Error: (06/02/2015 11:30:54 PM) (Source: MsiInstaller) (EventID: 10005) (User: GraveyardGulch)
Description: Product:  -- Internal Error 2343.

Error: (06/02/2015 11:30:52 PM) (Source: SideBySide) (EventID: 64) (User: )
Description: Activation context generation failed for "requestedExecutionLevel1".Error in manifest or policy file "requestedExecutionLevel2" on line requestedExecutionLevel3.
The attribute uiaccess is not permitted in this context on element requestedExecutionLevel.

Error: (06/02/2015 11:30:52 PM) (Source: SideBySide) (EventID: 64) (User: )
Description: Activation context generation failed for "requestedExecutionLevel1".Error in manifest or policy file "requestedExecutionLevel2" on line requestedExecutionLevel3.
The attribute uiaccess is not permitted in this context on element requestedExecutionLevel.

Error: (06/02/2015 11:20:50 PM) (Source: MsiInstaller) (EventID: 11706) (User: GraveyardGulch)
Description: Product: Roxio MyDVD Premier -- Error 1706.No valid source could be found for product Roxio MyDVD Premier.  The Windows Installer cannot continue.

Error: (06/02/2015 11:20:28 PM) (Source: SideBySide) (EventID: 64) (User: )
Description: Activation context generation failed for "requestedExecutionLevel1".Error in manifest or policy file "requestedExecutionLevel2" on line requestedExecutionLevel3.
The attribute uiaccess is not permitted in this context on element requestedExecutionLevel.

Error: (06/02/2015 11:20:28 PM) (Source: SideBySide) (EventID: 64) (User: )
Description: Activation context generation failed for "requestedExecutionLevel1".Error in manifest or policy file "requestedExecutionLevel2" on line requestedExecutionLevel3.
The attribute uiaccess is not permitted in this context on element requestedExecutionLevel.

Error: (06/02/2015 11:20:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: GraveyardGulch)
Description: Product:  -- Internal Error 2343.


System errors:
=============
Error: (06/02/2015 11:30:55 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 11:30:52 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 11:20:28 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 11:20:26 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 11:10:04 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 11:10:01 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 10:59:38 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 10:59:35 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 10:49:13 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (06/02/2015 10:49:11 PM) (Source: DCOM) (EventID: 10001) (User: GraveyardGulch)
Description: C:\PROGRA~2\Roxio\ROXIOM~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable


Microsoft Office:
=========================
Error: (01/13/2015 10:54:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 566 seconds with 540 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-12-22 15:35:43.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:34:03.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:33:36.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:23:04.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:21:32.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:21:12.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:05:42.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:03:41.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:03:04.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 15:00:17.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 12237.68 MB
Available physical RAM: 9633.75 MB
Total Pagefile: 13965.68 MB
Available Pagefile: 10769.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.81 GB) (Free:480.4 GB) NTFS
Drive d: (IsletBranch) (Fixed) (Total:931.51 GB) (Free:819.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F2BF6E97)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DDEDC76A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================


Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.





Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyalltemp;
    bitsadmin /reset /allusers;b
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)



Post its content into your next reply.


Hello Argus, thanks for giving me your time. I have disabled the BD virus and MBAM as per instructions on BleepingComputer from the ZOEK instructions. I will not change anything until I have gotten permission from you. Thanks again for your help and time.

Now here is the ZOEK-results.txt

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Graveyard Gulch on Wed 06/03/2015 at 20:19:27.13.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\BackupsToSave\ThirdPartySoftware\VirusSecurityChecking\Malwarebytes'AntiMalware-SCB\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

6/3/2015 8:20:41 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Belarc deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\Dumps deleted successfully
C:\Users\Graveyard Gulch\AppData\Roaming\Millisecond Software deleted successfully
C:\Users\Graveyard Gulch\AppData\Roaming\QuickScan deleted successfully
C:\Users\Graveyard Gulch\AppData\Local\GameSpy deleted successfully
C:\Users\Graveyard Gulch\AppData\Local\MigWiz deleted successfully
C:\Users\Graveyard Gulch\AppData\Local\softthinks deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4260279203-867925444-1809286272-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{237A2CA7-02F4-4951-934D-F7FEBE829D64} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Belarc not found
C:\Users\Graveyard Gulch\en_res.dll deleted
C:\Users\Graveyard Gulch\es_res.dll deleted
C:\Users\Graveyard Gulch\fr_res.dll deleted
C:\Users\Graveyard Gulch\grm_res.dll deleted
C:\Users\Graveyard Gulch\it_res.dll deleted
C:\Users\Graveyard Gulch\jp_res.dll deleted
C:\Users\Graveyard Gulch\mfc80u.dll deleted
C:\Users\Graveyard Gulch\msvcr80.dll deleted
C:\Users\Graveyard Gulch\pt_res.dll deleted
C:\Users\Graveyard Gulch\ResourceReader.dll deleted
C:\Users\Graveyard Gulch\ru_res.dll deleted
C:\Users\Graveyard Gulch\zh_res.dll deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Graveyard Gulch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\Windows\WinInit.Ini deleted
C:\Windows\Syswow64\SETE72B.tmp deleted
C:\Users\Graveyard Gulch\PCPE Setup.exe deleted
C:\BackupsToSave\ThirdPartySoftware\VirusSecurityChecking\WinPatrol-SCB\wpsetup.exe deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\GRAVEY~1\AppData\Roaming\Mozilla\Firefox\Profiles\khtpp3hs.default-1433133393718
user_pref("browser.search.defaultenginename.US", "DuckDuckGo");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [05/22/2015 12:28 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [05/22/2015 12:28 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Graveyard Gulch\AppData\Roaming\Mozilla\Firefox\Profiles\khtpp3hs.default-1433133393718
EE8D96E7899D12FC3AA5DB2034C0853C    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll -    Shockwave Flash
2E661988463BCFA1B95D4DAAB9B0B6FA    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fabcmochhfpldjekobfaaggijgohadih - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{7A2F0001-3B60-4A57-9033-26874D375E93}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{7A2F0001-3B60-4A57-9033-26874D375E93} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4260279203-867925444-1809286272-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E6E744E-4D20-4CE3-9A7A-26DFFFE22F68} deleted successfully
HKEY_USERS\S-1-5-21-4260279203-867925444-1809286272-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E6E744E-4D20-4CE3-9A7A-26DFFFE22F68} deleted successfully
HKEY_USERS\S-1-5-21-4260279203-867925444-1809286272-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7A2F0001-3B60-4A57-9033-26874D375E93} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6E6E744E-4D20-4CE3-9A7A-26DFFFE22F68} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7A2F0001-3B60-4A57-9033-26874D375E93} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A2F0001-3B60-4A57-9033-26874D375E93} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Graveyard Gulch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Graveyard Gulch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\ReleaseEngineer.MACROVISION\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RELEAS~1.MAC\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Graveyard Gulch\AppData\Local\Mozilla\Firefox\Profiles\khtpp3hs.default-1433133393718\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=45 folders=15 27137940 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Graveyard Gulch\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GRAVEY~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 06/03/2015 at 20:33:58.17 ======================
 


Argus, things are looking great here. Haven't seen any strange happenings with attempted blocks from MBAM to stop something from connecting to the internet. I do see a few programs hanging out in directories that have no way to remove them in the add\remove feature of control panel. Just little things I see I would like to get rid of which aren't used by me but things I had noticed in BitDefender firewall that I had allowed through before all of this happened. Looks like things maybe I had removed before all of this happened and I just would like to remove any left over stuff.

One example I see is an entry which was probably associated at one time with the IE5.5 I removed prior. It is in my c\users\graveyardgulch\appdata; there is a file named roaminguser_gensett.xml, and the internal file shows this:

<?xml version="1.0" encoding="UTF-8"?>
<settings version="1.0">
  <bdnews>1</bdnews>
  <show_alert>1</show_alert>
  <show_abar>0</show_abar>
  <load_startup>1</load_startup>
  <virus_rep>1</virus_rep>
  <od>1</od>
  <pass_enablepc>1</pass_enablepc>
  <show_popus_advanced>1</show_popus_advanced>
  <show_popups_basic>0</show_popups_basic>
</settings>

So do you think everything looks good on your end? If so, can you tell me what you ran across to give me such an issue? What else do I need to proceed further with? Once again, thank you for putting your time into this issue!

"roaminguser_gensett.xml" keeps Bitdefender general settings such as sending anonymous usage reports (available from Settings > General > Advanced) and whether the security widget is displayed on your desktop or not.

 

You had adware; it is not classic malware.

The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Unchecky

Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right-click on Unchecky_setup and choose Run as Administrator.
Once open, click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire-and-forget programme.

It is critical to have both a firewall and an antivirus to protect your system, and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.