
Slow computer/browser started with Malware. Continuing after


  • This topic is locked
15 replies to this topic

#1 outtawack311

  • Members

Posted 07 June 2015 - 10:54 AM

I have a HP laptop that has 8 gb ram, an I-5 and integrated graphics. About two months ago we got some malware on the computer that slowed down everything. I thought I removed all of it, but ever since then there have been all sorts of issues.

 

1. All browsers open very, very slowly. It takes a good 45 seconds for a new tab to open up, and another minute to make it to any website (even www.google.com). Once they are open I can switch between tabs at a mostly normal pace.

2. In the tile screen typing any search is slow. Not anywhere near as bad as the browsers, but it still should be quicker.

3. Google chrome doesn't allow me to install adblock through the app store. It says network failed.

4. I can't flush the DNS on the computer. This is a new one for me. I tried fixing it this morning by making sure the DNS service was running and by checking the hosts file, but nothing worked. I still get "Could not flush the DNS Resolver Cache: Function failed during execution"

 

I posted this here in the 8.1 support forum, but since it started with malware I thought I could have you guys take a look at my hijackthis log.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:42:09 AM, on 6/7/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

Boot mode: Normal

Running processes:
C:\Users\Cole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\WindowsApps\32988BernardoZamora.SolitaireHD_1.13.0.34_neutral__1fgex2kbsn6g8\Solitaire.exe
C:\Program Files\Microsoft Office 15\root\office15\excel.exe
C:\Program Files\Microsoft Office 15\root\office15\winword.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Cole\Downloads\HijackThis.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: (no name) - {72351B45-9636-4F99-820B-7C552D27897D}} - (no file)
O2 - BHO: (no name) - {72351B45-9636-4F99-820B-7C552D27897D} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify] "C:\Users\Cole\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Cole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://vpn.maxhealth.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrcmSetSecurity - Intel - C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem10.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 16523 bytes

 




 


#2 ken545

  • Malware Response Team

Posted 09 June 2015 - 02:45 PM

:welcome:

 

HijackThis is not used much anymore; we have better programs that show us more. Make sure you download and run these programs, and all future programs we may use, to your desktop. They will run more efficiently from the desktop in lieu of being buried in some folder.

 

 

Please download aswMBR to your desktop.
 
  • Right click the aswMBR icon and select Run as Administrator
  • XP users just Double Click it to run
  • If it says that this computer supports VIRTUALIZATION TECHNOLOGY, do you want to use it, say Yes
  • Click the Scan button to start scan.
  • Select Quickscan on the dropdown list
  • If you are asked to update the Avast Virus database please allow it to do so.
  • The scan could take 20 minutes or more, please be patient and let it finish
  • It will say Scan Finished when it's done.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your DESKTOP
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

Edited by ken545, 09 June 2015 - 02:46 PM.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

 

Just a reminder that threads will be closed if no response in 3 days


#3 outtawack311

  • Topic Starter

Posted 09 June 2015 - 07:57 PM

Okay I ran the scans

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-06-09 19:50:53
-----------------------------
19:50:53.958    OS Version: Windows x64 6.2.9200
19:50:53.958    Number of processors: 4 586 0x4501
19:50:53.974    ComputerName: COLEY  UserName: Cole
19:51:15.521    Initialize success
19:51:15.802    VM: initialized successfully
19:51:15.802    VM: Intel CPU BiosDisabled
19:54:06.439    AVAST engine defs: 15060901
19:54:20.506    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
19:54:20.506    Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA590 Size: 715404MB BusType: 8
19:54:20.756    Disk 0 MBR read successfully
19:54:20.772    Disk 0 MBR scan
19:54:20.788    Disk 0 unknown MBR code
19:54:20.788    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
19:54:21.147    Disk 0 scanning C:\WINDOWS\system32\drivers
19:55:04.867    Service scanning
19:56:34.852    Modules scanning
19:56:34.868    Disk 0 trace - called modules:
19:56:34.993    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys storport.sys hal.dll iaStorA.sys
19:56:35.008    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001f40a6060]
19:56:35.024    3 CLASSPNP.SYS[fffff80079d81170] -> nt!IofCallDriver -> [0xffffe001f2ffe680]
19:56:35.024    5 hpdskflt.sys[fffff8007a09742b] -> nt!IofCallDriver -> [0xffffe001f0aa53f0]
19:56:35.040    7 ACPI.sys[fffff8007927bc21] -> nt!IofCallDriver -> \Device\0000002f[0xffffe001f16f7510]
19:56:40.477    AVAST engine scan C:\WINDOWS
19:56:48.762    AVAST engine scan C:\WINDOWS\system32
20:11:48.661    AVAST engine scan C:\WINDOWS\system32\drivers
20:13:07.456    AVAST engine scan C:\Users\Cole
20:35:54.536    AVAST engine scan C:\ProgramData
20:38:05.522    Disk 0 statistics 3984795/0/0 @ 1.41 MB/s
20:38:05.538    Scan finished successfully
20:43:02.894    Disk 0 MBR has been saved successfully to "C:\Users\Cole\Desktop\MBR.dat"
20:43:02.925    The log file has been saved successfully to "C:\Users\Cole\Desktop\aswMBR.txt"

 

 

Next:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Cole (administrator) on COLEY on 09-06-2015 20:49:14
Running from C:\Users\Cole\Desktop
Loaded Profiles: Cole (Available Profiles: Cole)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\Cole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\32988BernardoZamora.SolitaireHD_1.13.0.34_neutral__1fgex2kbsn6g8\Solitaire.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Trend Micro Inc.) C:\Users\Cole\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
() C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ui\updateui.exe
(AVAST Software) C:\Users\Cole\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-03-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-03-02] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [Spotify] => C:\Users\Cole\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [Spotify Web Helper] => C:\Users\Cole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [Facebook Update] => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-27] (Facebook Inc.)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-421480889-2455255382-358523555-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-421480889-2455255382-358523555-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-421480889-2455255382-358523555-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
BHO-x32: Citrix URL-Redirection Helper -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll [2013-10-01] (Citrix Systems, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-421480889-2455255382-358523555-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.maxhealth.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.74

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-421480889-2455255382-358523555-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cole\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
R3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-21] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-03-02] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-21] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-03-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-25] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-19] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\Cole\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Cole\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 20:49 - 2015-06-09 20:49 - 00024642 _____ C:\Users\Cole\Desktop\FRST.txt
2015-06-09 20:48 - 2015-06-09 20:49 - 00000000 ____D C:\FRST
2015-06-09 20:45 - 2015-06-09 20:45 - 02108928 _____ (Farbar) C:\Users\Cole\Desktop\FRST64.exe
2015-06-09 20:43 - 2015-06-09 20:43 - 00002036 _____ C:\Users\Cole\Desktop\aswMBR.txt
2015-06-09 20:43 - 2015-06-09 20:43 - 00000512 _____ C:\Users\Cole\Desktop\MBR.dat
2015-06-09 19:48 - 2015-06-09 19:49 - 05198336 _____ (AVAST Software) C:\Users\Cole\Desktop\aswMBR.exe
2015-06-07 18:16 - 2015-06-07 18:17 - 00000165 ____H C:\Users\Cole\Desktop\~$UHC Referral Tracker New.xlsx
2015-06-07 18:07 - 2015-06-07 18:14 - 00047712 _____ C:\Users\Cole\Downloads\UHC Tracker.xlsx
2015-06-07 11:42 - 2015-06-07 11:42 - 00016525 _____ C:\Users\Cole\Desktop\hijackthis.log
2015-06-07 11:22 - 2015-06-09 20:25 - 00939616 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-07 09:28 - 2015-06-07 09:27 - 01402880 _____ C:\Users\Cole\Downloads\HijackThisSetup [1].exe
2015-06-07 09:13 - 2015-06-07 09:13 - 00536410 _____ C:\Users\Cole\Desktop\cc_20150607_091328.reg
2015-06-07 09:04 - 2015-06-07 09:05 - 00000000 ____D C:\Program Files\CCleaner
2015-06-07 09:04 - 2015-06-07 09:04 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-06-07 09:04 - 2015-06-07 09:04 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-07 09:04 - 2015-06-07 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-04 22:04 - 2015-06-04 22:10 - 00011999 ____H C:\Users\Cole\Documents\~WRL2588.tmp
2015-06-04 20:22 - 2015-06-07 18:48 - 00035514 _____ C:\Users\Cole\Desktop\UHC Referral Tracker New.xlsx
2015-06-04 20:20 - 2015-06-04 20:20 - 00027275 _____ C:\Users\Cole\Downloads\UHC Referral Tracker.xlsx
2015-06-04 19:40 - 2015-06-04 19:40 - 00015914 _____ C:\Users\Cole\Downloads\Draft UHC Referral Tracker - Anthony revisions.xlsx
2015-06-03 20:14 - 2015-06-03 22:14 - 00962423 _____ C:\Users\Cole\Downloads\FSG 6.4.15 (2).pptx
2015-06-03 20:13 - 2015-06-03 20:13 - 00910996 _____ C:\Users\Cole\Downloads\FSG 6.4.15 (1).pptx
2015-06-03 20:10 - 2015-06-03 20:10 - 00910996 _____ C:\Users\Cole\Downloads\FSG 6.4.15.pptx
2015-05-25 14:51 - 2015-05-25 14:51 - 00000954 _____ C:\Users\Cole\Downloads\[kat.cr]the.girl.who.came.home.by.hazel.gaynor.epub.torrent
2015-05-25 14:15 - 2015-05-25 14:15 - 00006072 _____ C:\Users\Cole\Downloads\[kat.cr]martha.brockenbrough.the.game.of.love.and.death.epub.plex.torrent
2015-05-25 11:52 - 2015-05-25 11:52 - 00011679 _____ C:\Users\Cole\Downloads\[kat.cr]isaac.bell.series.by.clive.cussler.and.justin.scott.epub.retail.torrent
2015-05-25 11:24 - 2015-05-25 11:24 - 00005178 _____ C:\Users\Cole\Downloads\[kat.cr]blake.crouch.wayward.pines.trilogy (1).torrent
2015-05-25 11:23 - 2015-05-25 11:23 - 00001984 _____ C:\Users\Cole\Downloads\[kat.cr]neverwhere.neil.gaiman.torrent
2015-05-25 11:20 - 2015-05-25 11:20 - 00001248 _____ C:\Users\Cole\Downloads\[kat.cr]no.bone.unturned.inside.the.world.of.a.top.forensic.scientist.and.his.work.on.america.s.most.notorious.crimes.and.disasters.ideusex.torrent
2015-05-25 11:17 - 2015-05-25 11:17 - 00003541 _____ C:\Users\Cole\Downloads\[kat.cr]coraline.neil.gaiman.torrent
2015-05-25 11:17 - 2015-05-25 11:17 - 00001468 _____ C:\Users\Cole\Downloads\[kat.cr]the.queen.of.the.tearling.erika.johansen.epub.torrent
2015-05-25 11:15 - 2015-05-25 11:15 - 00003416 _____ C:\Users\Cole\Downloads\[kat.cr]the.crown.conspiracy.the.riyria.revelations.pdf.mobi.epub.torrent
2015-05-25 11:10 - 2015-05-25 11:10 - 00001697 _____ C:\Users\Cole\Downloads\[kat.cr]the.lost.island.gideon.crew.3.by.douglas.preston.torrent
2015-05-25 11:09 - 2015-05-25 11:09 - 00001665 _____ C:\Users\Cole\Downloads\[kat.cr]gideon.s.sword.by.douglas.preston.gideon.crew.book.1.azizex666.torrent
2015-05-25 11:09 - 2015-05-25 11:09 - 00001066 _____ C:\Users\Cole\Downloads\[kat.cr]gideon.s.corpse.by.douglas.preston.gideon.crew.book.2.azizex666.torrent
2015-05-25 11:02 - 2015-05-25 11:02 - 00001311 _____ C:\Users\Cole\Downloads\[kat.cr]virtue.falls.virtue.falls.1.by.christina.dodd.torrent
2015-05-25 11:02 - 2015-05-25 11:02 - 00000948 _____ C:\Users\Cole\Downloads\[kat.cr]the.museum.of.extraordinary.things.by.alice.hoffman.epub.torrent
2015-05-25 10:58 - 2015-05-25 10:58 - 00009484 _____ C:\Users\Cole\Downloads\[kat.cr]the.screaming.staircase.lockwood.co.1.jonathan.stroud.epub.mobi.torrent
2015-05-25 10:45 - 2015-05-25 10:45 - 00003447 _____ C:\Users\Cole\Downloads\[kat.cr]the.tournament.matthew.reilly.torrent
2015-05-25 10:44 - 2015-05-25 10:44 - 00003260 _____ C:\Users\Cole\Downloads\[kat.cr]the.ghost.of.the.mary.celeste.by.valerie.martin.torrent
2015-05-25 10:42 - 2015-05-25 10:42 - 00012796 _____ C:\Users\Cole\Downloads\[kat.cr]frank.beddor.looking.glass.wars.1.3.epub.lit.mobi.torrent
2015-05-25 10:39 - 2015-05-25 10:39 - 00005305 _____ C:\Users\Cole\Downloads\[kat.cr]uncle.montague.s.tales.of.terror.tales.of.terror.1.by.chris.priestley.torrent
2015-05-25 10:38 - 2015-05-25 10:38 - 00011439 _____ C:\Users\Cole\Downloads\[kat.cr]hyperbole.and.a.half.allie.brosh.epub.torrent
2015-05-25 10:32 - 2015-05-25 10:32 - 00004197 _____ C:\Users\Cole\Downloads\[kat.cr]the.warded.man.demon.trilogy.pdf.mobi.epub.torrent
2015-05-25 10:31 - 2015-05-25 10:31 - 00002897 _____ C:\Users\Cole\Downloads\[kat.cr]susanna.clarke.jonathan.strange.mr.norrell.torrent
2015-05-25 10:30 - 2015-05-25 10:30 - 00014760 _____ C:\Users\Cole\Downloads\[kat.cr]the.resurrectionist.the.lost.work.of.dr.spencer.black.torrent
2015-05-25 10:25 - 2015-05-25 10:25 - 00002777 _____ C:\Users\Cole\Downloads\[kat.cr]first.frost.waverly.family.02.sarah.addison.allen.torrent
2015-05-25 10:25 - 2015-05-25 10:25 - 00001374 _____ C:\Users\Cole\Downloads\[kat.cr]sarah.addison.allen.garden.spells.sd1.cpul.torrent
2015-05-25 10:22 - 2015-05-25 10:22 - 00001342 _____ C:\Users\Cole\Downloads\[kat.cr]david.guterson.snow.falling.on.cedars.2009.retail.epub.ebook.bit.torrent
2015-05-25 10:19 - 2015-05-25 10:19 - 00001692 _____ C:\Users\Cole\Downloads\[kat.cr]china.miéville.kraken.torrent
2015-05-25 10:15 - 2015-05-25 10:15 - 00001412 _____ C:\Users\Cole\Downloads\[kat.cr]jeff.lindsay.dexter.series.torrent
2015-05-25 09:56 - 2015-05-25 09:56 - 00001458 _____ C:\Users\Cole\Downloads\[kat.cr]complete.works.of.edgar.allen.poe.5vol.set.mobi.epub.zombirg.torrent
2015-05-24 14:44 - 2015-05-24 14:44 - 00003635 _____ C:\Users\Cole\Downloads\[kat.cr]emily.st.john.mandel.station.eleven.epub.torrent
2015-05-24 14:37 - 2015-05-24 14:37 - 00000524 _____ C:\Users\Cole\Downloads\[kat.cr]hocking.amanda.switched.epub.torrent
2015-05-24 14:36 - 2015-05-24 14:36 - 00005742 _____ C:\Users\Cole\Downloads\[kat.cr]a.constellation.of.vital.phenomena.by.anthony.marra.epub.mobi.knightinkat.torrent
2015-05-24 14:35 - 2015-05-24 14:35 - 00003909 _____ C:\Users\Cole\Downloads\[kat.cr]debbie.macomber.last.one.home.retail.wildwielder.epub.torrent
2015-05-24 14:31 - 2015-05-24 14:31 - 00003439 _____ C:\Users\Cole\Downloads\[kat.cr]anne.tyler.a.spool.of.blue.thread.retail.epub.torrent
2015-05-24 14:31 - 2015-05-24 14:31 - 00001553 _____ C:\Users\Cole\Downloads\[kat.cr]child.lincoln.the.forgotten.room.epub.zeke23.torrent
2015-05-24 14:26 - 2015-05-24 14:26 - 00001178 _____ C:\Users\Cole\Downloads\[kat.cr]robin.sloan.mr.penumbra.s.24.hour.bookstore.epub.torrent
2015-05-24 14:24 - 2015-05-24 14:24 - 00001456 _____ C:\Users\Cole\Downloads\[kat.cr]the.girl.on.the.train.by.paula.hawkins.epub.rose88.torrent
2015-05-24 14:17 - 2015-05-24 14:17 - 00002166 _____ C:\Users\Cole\Downloads\[kat.cr]pines.blake.crouch.epub.mobi (1).torrent
2015-05-24 14:16 - 2015-05-24 14:17 - 00002166 _____ C:\Users\Cole\Downloads\[kat.cr]pines.blake.crouch.epub.mobi.torrent
2015-05-24 12:06 - 2015-05-24 12:06 - 00001820 _____ C:\Users\Cole\Downloads\[kat.cr]blue.labyrinth.agent.pendergast.14.by.douglas.preston.and.lincoln.child.torrent
2015-05-24 12:02 - 2015-05-24 12:02 - 00003362 _____ C:\Users\Cole\Downloads\[kat.cr]white.fire.by.douglas.preston.and.lincoln.child.torrent
2015-05-24 11:59 - 2015-05-24 11:59 - 00001011 _____ C:\Users\Cole\Downloads\[kat.cr]douglas.preston.lincoln.child.extraction.pendergast.12.5.epub.plex.torrent
2015-05-24 11:50 - 2015-05-24 11:50 - 00001169 _____ C:\Users\Cole\Downloads\[kat.cr]child.lincoln.cold.vengeance.epub.zeke23.torrent
2015-05-24 11:42 - 2015-05-24 11:42 - 00005178 _____ C:\Users\Cole\Downloads\[kat.cr]blake.crouch.wayward.pines.trilogy.torrent
2015-05-24 11:17 - 2015-05-24 11:17 - 00046762 _____ C:\Users\Cole\Downloads\Fantasy_eBooks_Pack_1_[ePub_mobi]-(demonoid.pw)_11781708.742.TORRENT
2015-05-24 11:13 - 2015-05-24 11:13 - 00046762 _____ C:\Users\Cole\Downloads\Fantasy_eBooks_Pack_1_[ePub_mobi]-_=demonoid.pw=__11781708.742.TORRENT
2015-05-19 21:57 - 2015-05-19 21:57 - 00000000 ____D C:\Users\Public\Juniper Networks
2015-05-19 21:57 - 2015-05-19 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2015-05-19 21:57 - 2014-08-05 02:43 - 00594032 _____ (Juniper Networks) C:\WINDOWS\system32\dsNcSmartCardProv.dll
2015-05-19 21:57 - 2014-08-05 02:43 - 00423536 _____ (Juniper Networks) C:\WINDOWS\system32\dsNcCredProv.dll
2015-05-19 21:56 - 2015-05-19 21:57 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2015-05-19 21:55 - 2015-05-19 21:57 - 00000000 ____D C:\Users\Cole\AppData\Roaming\Juniper Networks
2015-05-19 21:55 - 2015-05-19 21:55 - 00000000 ____D C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2015-05-19 21:55 - 2015-05-19 21:55 - 00000000 ____D C:\Users\Cole\AppData\Local\Juniper Networks
2015-05-12 22:52 - 2015-05-12 22:52 - 00571533 _____ C:\Users\Cole\Downloads\f6flpy-x64.zip
2015-05-12 18:09 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-12 18:09 - 2015-03-12 20:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 18:09 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-10 18:29 - 2015-05-10 18:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\GenericSettingsHandler

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 20:16 - 2014-10-05 13:17 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-09 20:16 - 2014-10-05 13:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-09 20:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-09 20:02 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-09 19:50 - 2013-09-07 01:25 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{53D2B592-F84A-460B-BFCC-8913A4E4CAF5}
2015-06-09 19:49 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-07 21:36 - 2014-02-27 19:31 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001UA.job
2015-06-07 18:36 - 2014-02-27 19:31 - 00000914 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001Core.job
2015-06-07 18:10 - 2013-09-07 01:24 - 00000000 ____D C:\Users\Cole\AppData\Local\Packages
2015-06-07 09:45 - 2013-09-08 09:58 - 00000000 ____D C:\Users\Cole\Documents\Calibre Library
2015-06-07 09:42 - 2013-11-21 20:44 - 00000000 ____D C:\Users\Cole\AppData\Roaming\uTorrent
2015-06-07 09:36 - 2013-09-07 03:00 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-421480889-2455255382-358523555-1001
2015-06-07 09:11 - 2013-10-18 14:51 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-07 09:11 - 2013-09-08 08:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-07 09:11 - 2013-09-07 03:16 - 00000000 ____D C:\Users\Cole\AppData\Local\CrashDumps
2015-06-07 08:59 - 2013-09-07 01:42 - 00000000 ____D C:\Users\Cole\AppData\Local\Google
2015-06-07 08:59 - 2013-09-07 01:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-04 21:17 - 2015-03-10 22:01 - 00000000 ____D C:\Users\Cole\AppData\Local\Microsoft Help
2015-06-04 21:02 - 2013-09-19 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-04 21:02 - 2013-09-19 20:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-04 20:20 - 2015-02-11 23:13 - 00000000 ____D C:\Users\Cole\Desktop\Work
2015-05-27 12:06 - 2014-03-28 18:27 - 00000000 ____D C:\Users\Cole\Desktop\Important Docs
2015-05-25 14:51 - 2013-11-21 22:57 - 00000000 ____D C:\Users\Cole\Desktop\Books
2015-05-25 09:51 - 2013-09-07 01:42 - 00003890 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 19:21 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-05-12 18:23 - 2013-09-08 08:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-12 18:17 - 2013-09-08 08:45 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 18:14 - 2013-09-29 23:51 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2015-03-18 18:31 - 2015-03-18 18:32 - 0000093 _____ () C:\Users\Cole\AppData\Roaming\ARCompanion.log
2015-04-05 14:58 - 2015-04-05 14:58 - 0007606 _____ () C:\Users\Cole\AppData\Local\Resmon.ResmonCfg
2013-03-19 14:32 - 2013-03-19 14:32 - 0010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 19:03

==================== End of log ============================

And last

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Cole at 2015-06-09 20:50:55
Running from C:\Users\Cole\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-421480889-2455255382-358523555-500 - Administrator - Disabled)
Cole (S-1-5-21-421480889-2455255382-358523555-1001 - Administrator - Enabled) => C:\Users\Cole
Guest (S-1-5-21-421480889-2455255382-358523555-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{FFA77D12-F183-4B97-8AFC-F9FB7339287A}) (Version: 1.2.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Eleusis (HKLM-x32\...\Steam App 251310) (Version:  - Nocturnal works)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haunted Memories (HKLM-x32\...\Steam App 241640) (Version:  - MadMan Theory Games)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A64DC543-B6C3-4745-AAD6-AC9F1B765BCF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6457.0 - IDT)
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.3.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Neoteris_Host_Checker) (Version: 7.4.0.32125 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.32125 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Juniper_Setup_Client) (Version: 7.4.13.48589 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21226 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
ShowPass Smartbar (HKLM-x32\...\{E10AF25A-EB67-4904-9211-DA0CDFE6051C}) (Version: 11.128.76.20716 - ReSoft Ltd.) <==== ATTENTION
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Spotify (HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.0.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
The Last Express Gold Edition (HKLM-x32\...\Steam App 252710) (Version:  - DotEmu)
The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version:  - Frogwares)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM-x32\...\Steam App 225020) (Version:  - Core Design)
Tomb Raider I (HKLM-x32\...\Steam App 224960) (Version:  - Core Design)
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM-x32\...\Steam App 225000) (Version:  - Core Design)
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM-x32\...\Steam App 224980) (Version:  - Core Design)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-421480889-2455255382-358523555-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

18-05-2015 20:29:29 Scheduled Checkpoint
27-05-2015 12:16:48 Scheduled Checkpoint
04-06-2015 20:47:13 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-19 21:57 - 2015-05-19 22:28 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0977701D-C2E2-4C25-9A0E-81C4E5779382} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-421480889-2455255382-358523555-1001
Task: {20B26C70-FE28-41C4-9893-BDBBAA6590EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {2A27A636-BF3B-43FA-808A-5F3BBFC838C1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2C072D9F-32B0-45B6-9736-364895A1E0C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {35E2CC74-99B5-4805-9228-26418EE5555A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {47F50B82-D26B-4ACB-82D1-CDC829BED414} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5BF0CA94-03BB-4750-9A2D-F6853318EB39} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {5E9065A3-4010-4C64-83F2-F4B969A575BB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {611AF4B8-1DB8-48EA-9185-9C29516D3FDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {686B0372-4F87-4892-B276-D1BA6F53C222} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {6B5A5FB0-95B3-4C81-A605-4F12C60B408A} - \Tempo Runner cozahost No Task File <==== ATTENTION
Task: {6E0B772D-9D46-42D1-95A0-7488073E1933} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9371FA40-D70E-485E-A919-FE479D2E460E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A315FA78-43C9-44FA-AB34-191699A95449} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {ADC17158-BAFF-4F57-9CCC-083CFB655C6B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001UA => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-27] (Facebook Inc.)
Task: {B093D636-DEF0-454B-948C-3F35AE26E066} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B8544FF7-9FE8-48FA-801B-2545B13A3DE3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-25] (Synaptics Incorporated)
Task: {BA27724D-F785-4A57-8D90-DAEB9CDB5F93} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {BF715E1B-6BFD-4BA8-88CA-FE3FD40251E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {DF650006-F3A6-41AE-BCDB-6F04ABC42CA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {E4A6C7B9-C449-4A55-A3F5-15A01909A1CA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001Core => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-27] (Facebook Inc.)
Task: {F1D89647-BBF3-4980-9BF0-63D3B845A516} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001Core.job => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001UA.job => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-11 23:20 - 2013-10-23 14:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2013-04-15 18:45 - 2013-04-15 18:45 - 00182760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 18:45 - 2013-04-15 18:45 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2015-03-18 18:39 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00134144 _____ () C:\WINDOWS\system32\WinMetadata\Windows.ApplicationModel.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00096256 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Storage.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00020480 _____ () C:\WINDOWS\system32\WinMetadata\Windows.System.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00054784 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Globalization.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00169472 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Devices.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00112640 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Networking.winmd
2014-12-30 04:28 - 2014-12-30 04:28 - 05382656 _____ () C:\Program Files\WindowsApps\32988BernardoZamora.SolitaireHD_1.13.0.34_neutral__1fgex2kbsn6g8\Solitaire.exe
2014-11-28 18:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-04 15:25 - 2015-05-04 15:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
2013-07-07 06:30 - 2013-03-21 10:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-05-21 18:13 - 2015-05-21 18:13 - 05803008 _____ () C:\Users\Cole\AppData\Local\Packages\32988BernardoZamora.SolitaireHD_1fgex2kbsn6g8\AC\Microsoft\CLR_v4.0_32\NativeImages\Solitaire\a51d3988f51a7402fd00657777af4b8f\Solitaire.ni.exe
2015-05-21 18:11 - 2015-05-21 18:11 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-04-12 09:54 - 2014-11-21 07:52 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-09-19 20:27 - 2013-09-19 20:29 - 00196176 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL
2015-03-18 18:39 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2013-08-21 14:18 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-07 15:59 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-06-03 17:36 - 2015-06-04 14:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-07 15:59 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-07 15:59 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-08-28 13:47 - 2015-06-04 14:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-08 08:21 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-18 18:39 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00041248 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32api.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00059680 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pywintypes27.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00119072 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pythoncom27.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00562464 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\urlmon.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00401184 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iertutil.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00412448 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\WININET.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_multiprocessing.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00025376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32service.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00022816 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\servicemanager.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00018208 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32event.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00027424 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_socket.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00277280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ssl.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00113952 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_hashlib.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00016672 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\select.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00040736 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ctypes.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32process.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32ts.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00018720 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32profile.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00042784 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32security.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00336160 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_bsddb.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32evtlog.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00024864 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32inet.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00021280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\EnvironmentID.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00053536 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pyexpat.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00038176 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\MEFWRDsc.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00188704 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\unicodedata.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00065824 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\DIProvider.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00017696 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\IECDriver.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Cole\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-421480889-2455255382-358523555-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cole\Pictures\Jack Skellington.jpg
DNS Servers: 65.32.5.111 - 65.32.5.74

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3F386DFB3B085FF41B4FC731A399AF28"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7F3F436B-2984-4715-89A7-F7D5D494A61F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{500F28F5-D47D-442F-AD8F-892A0D0BCB49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{5382AC49-8BBE-4A5C-8486-F16EBAA87354}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{8658C0FA-73E2-412C-9E3B-AF12AC23628E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{8FBF3F0A-B8F3-48D4-8AF0-67050E5560FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe
FirewallRules: [{CC397507-F6DC-4D08-82E5-674E1E1D73D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe
FirewallRules: [{F9AC17EA-7264-4B58-9A39-0217F18DD0B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (V) Chronicles\PCTomb5.exe
FirewallRules: [{EEA599CF-ACD8-4D36-964B-1E80DEDD2176}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (V) Chronicles\PCTomb5.exe
FirewallRules: [{15B6BC6C-65FF-4EC7-B459-8B7597071340}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{3C105F7C-BA1E-4E1C-8EE6-8CC1572507AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{01B70557-4769-4777-804A-302F9805B8EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{11EA6EA9-DE25-46B1-A5D4-1A543E967595}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{9F862D32-B105-466F-BE26-6AD7FBEB85C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (I)\dosbox.exe
FirewallRules: [{9E97533D-10C8-4493-BE11-446AC95CF358}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (I)\dosbox.exe
FirewallRules: [{5F480766-CA97-4327-99D1-C77E0B523B6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{1D7CB3D4-F069-4554-9E27-9A858E1F59D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{335384E1-8D08-4E10-BED8-30420F46396D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (II)\Tomb2.exe
FirewallRules: [{1D581318-BAF0-4A4E-8190-CAF44A6B67B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (II)\Tomb2.exe
FirewallRules: [{B1D17916-55DE-4B51-8EF4-BC9F89C01781}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{B33E38DA-60B4-40E0-903F-315A27E7FD58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{75A079D0-52A7-4D10-A933-AAC4404294C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2D1CAEF7-BA87-4FB0-AC3C-782820A3FCE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F35B4A29-690C-4BCA-B2F1-D76B42108F9E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{DFD17F40-BB69-4280-B3AC-97256276C9BF}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{231E81F2-CEEB-4BA5-BC73-D28C1662DB09}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DEC3AFCF-595B-4240-B315-0413C3E290C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E65FC77-2622-402E-90EA-0B9ED1A1D67F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCB94B78-947B-4E47-8962-A0FA37BCCC66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A1CE313-5CFA-4962-ADFC-DCD3C2DDC7D2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{886E021C-D88F-41E2-ABA4-7FF4DDF477C2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{4F01F569-19C5-4265-B864-2D8028E69F1E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{53B19FF5-900C-4462-98BB-1883458A5239}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{21C8C340-2040-427F-B2FC-FF22EBC7794C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{012CB2F5-2175-4536-AB53-776ABAAED803}] => (Allow) LPort=1900
FirewallRules: [{783E95BA-C65A-4062-9D7C-1E90947192C0}] => (Allow) LPort=2869
FirewallRules: [{6B73C783-3720-4D25-958A-3A84150371B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{731B1E9F-31E5-4CEE-B47C-95A838763EE4}C:\users\cole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BA50C7F5-195E-4986-8B12-ABCF891EBA3F}C:\users\cole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cole\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8EB3354D-F0C0-4FD5-9F74-D38682658555}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E353194C-BD22-4AAA-8384-542E942A0F61}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{25C04611-BD40-4A2D-A893-5F84F4990327}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\hm.exe
FirewallRules: [{3E72D09D-E2F8-4433-A93B-C114DFC858AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\hm.exe
FirewallRules: [{08199DBC-1F3B-4426-97C5-14A83CD4453E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{21DA28FF-3673-42BB-A305-AC1033933380}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{255A211D-7414-4698-B407-B2D9F0CB43F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{E55AF0E3-9F9D-4C1D-BB84-83B04CECA6AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{CCEDDC93-E9CA-4203-97E2-A7F9F0226CF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{A886BD4C-76DB-4E89-BA51-5149E2748E67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{F1215796-14D0-470A-99C9-355F43511FED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{5372F082-B238-4772-8FEA-1E2F1D11A989}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{6B1EBB51-9A97-4398-998E-B4AEAF1D2449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{22F8B9C6-769E-464B-9E7F-F7D5DDC6AF15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{C964F334-61B4-4C4A-9B62-701FAD0D3656}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{C1516ED3-9BF2-4F9E-9573-986F0667E998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{4256B0D0-2078-4BA6-B49D-0EC550948260}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{C8659392-AFD9-43B7-A4F1-56FC83701D75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{ADA1B1F9-1112-4C7F-9F90-208D5CF3AD4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{D283D1E9-0249-4099-953C-F03D2235C9C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{BAD4B1EC-E56B-4AFB-B33F-F6471953BA15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{24D69B70-ED8E-4978-A8ED-4824DF39FAED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{9EDB73B1-C99A-402B-85D8-B3CC66F0ECFB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F3603FD8-2325-4E22-8D21-6BD5144D8E8A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8CDAAFD-9E5C-45B2-88CD-E60539E48B75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{E2941CB0-2A48-4E23-9425-3B25513B2C13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{36F2F263-B2E3-49F6-A839-912F0E40E5FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{6F9B9A5B-18DD-4E3D-8025-C1EE85654676}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{05A33342-1247-4069-B521-E3ECFDC08C44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eleusis\Eleusis Game Launcher.exe
FirewallRules: [{D76C8BEE-223D-4757-BAED-73FBD6C0B9C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eleusis\Eleusis Game Launcher.exe
FirewallRules: [{764BB6BB-E6D9-409B-A550-E90F126F66AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LastExpress\TheLastExpressSteam.exe
FirewallRules: [{ADDC9431-23C0-40AF-94D9-6C304A15C248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LastExpress\TheLastExpressSteam.exe
FirewallRules: [{463056CE-DA10-4463-AE11-95A24F153632}] => (Allow) C:\Users\Cole\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{E8AE52A5-9A71-494C-B241-D04971DE80A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A33CAC87-48C2-4F8A-8208-FFB603AA49D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1578E09-93CD-4A1F-B84D-80716893765B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{30A245B6-689E-452F-BC8A-CE20A46D3675}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{EBBF9A85-19B0-45AE-80D9-13AB971B31C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{380579AC-4FC8-4A92-8F1D-7D2E2B4980C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{3CE5283A-0C21-4D00-80DD-65F964FFA32F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{C1E8B145-C396-44C6-AB62-A34275C7757C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{0993A4A7-CF16-4A6D-A8D1-587606858BD8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{010F60A2-BABF-4313-8866-380E2A89662C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{25FF6D7F-7A66-490A-865D-FD3561FF6D1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DCE05DF7-181C-4979-8CB9-BFFA8D139317}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2F5322E1-535C-4699-B595-EA1FB0ACA77B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 10:53:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:55:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:45:50 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:40:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:35:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:30:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:14:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 06:16:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: excel.exe, version: 15.0.4719.1000, time stamp: 0x552cf4af
Faulting module name: excel.exe, version: 15.0.4719.1000, time stamp: 0x552cf4af
Exception code: 0xc0000005
Fault offset: 0x008269cb
Faulting process id: 0x2b14
Faulting application start time: 0xexcel.exe0
Faulting application path: excel.exe1
Faulting module path: excel.exe2
Report Id: excel.exe3
Faulting package full name: excel.exe4
Faulting package-relative application ID: excel.exe5

Error: (06/07/2015 05:58:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093

Error: (06/07/2015 05:58:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1093

System errors:
=============
Error: (06/09/2015 08:45:33 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 08:44:59 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 08:44:21 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 07:50:08 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 07:48:38 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/07/2015 11:19:15 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/07/2015 11:18:45 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/07/2015 11:18:14 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/07/2015 11:17:44 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/07/2015 08:06:27 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Microsoft Office:
=========================
Error: (06/08/2015 10:53:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:55:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:45:50 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:40:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:35:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:30:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:14:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 06:16:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: excel.exe15.0.4719.1000552cf4afexcel.exe15.0.4719.1000552cf4afc0000005008269cb2b1401d09f2b618c8046C:\Program Files\Microsoft Office 15\root\office15\excel.exeC:\Program Files\Microsoft Office 15\root\office15\excel.exee6541b0b-0d62-11e5-bea3-68172965a850

Error: (06/07/2015 05:58:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093

Error: (06/07/2015 05:58:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1093

CodeIntegrity Errors:
===================================
  Date: 2015-03-23 22:18:32.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 22:18:32.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-09 22:05:12.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-09 22:05:12.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-10 19:32:43.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-10 19:32:43.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 55%
Total physical RAM: 7964.15 MB
Available physical RAM: 3535.18 MB
Total Pagefile: 11804.15 MB
Available Pagefile: 6243.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:671.65 GB) (Free:551.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.87 GB) (Free:2.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EF0C38A7)

Partition: GPT Partition Type.

==================== End of log ============================

 



#4 ken545

Malware Response Team

Posted 09 June 2015 - 08:43 PM

Let me tell you how you infected this computer: you're using the Torrents and [kickass-to] to download everything under the sun. I googled one of your downloads and my Pro Version of Malwarebytes blocked the site, saying it was malicious. You need to go into your downloads folder and delete it all, but not the folder itself.

 

You also need to go into Programs and Features in the Control Panel and uninstall uTorrent. Your call on this, but if you want to keep it and keep downloading this stuff you're going to continue to infect your computer, basically wasting my time. Not all but almost 100% of files downloaded via P2P (File Sharing) are infected; it would be like playing Russian Roulette malware-wise. Look through your Additions log, you will see that your firewall is letting anything you download via the torrents through to your system whether it's good or bad.

 

Download CKScanner
  • Important - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 

 

 


Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days
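The firewall section of the Addition log that post #4 points to can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it parses `FirewallRules:` lines in the format shown in the log above and lists allow rules whose target is in a user-writable location, is bound only to a port, or is not an executable. The function names, the reason labels and the user-writable path pattern are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import Counter
from typing import NamedTuple

# Sample input: lines copied from the Addition log posted earlier in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{75A079D0-52A7-4D10-A933-AAC4404294C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2D1CAEF7-BA87-4FB0-AC3C-782820A3FCE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F35B4A29-690C-4BCA-B2F1-D76B42108F9E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{886E021C-D88F-41E2-ABA4-7FF4DDF477C2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{012CB2F5-2175-4536-AB53-776ABAAED803}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{731B1E9F-31E5-4CEE-B47C-95A838763EE4}C:\users\cole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cole\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8EB3354D-F0C0-4FD5-9F74-D38682658555}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E353194C-BD22-4AAA-8384-542E942A0F61}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B1EBB51-9A97-4398-998E-B4AEAF1D2449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
"""

# One log line: "FirewallRules: [<rule name>] => (<action>) <program path or LPort=N>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>\w+)\) (?P<target>.+)$"
)

# Assumption of this example: paths under a user profile (or the matching
# environment variables) can be written by a standard user without elevation,
# so a binary there can be replaced without an admin prompt.
USER_WRITABLE_RE = re.compile(
    r"^(%(localappdata|appdata|temp|userprofile)%|[a-z]:\\users\\)",
    re.IGNORECASE,
)


class Rule(NamedTuple):
    name: str
    action: str
    target: str


def parse_rules(text):
    """Return every FirewallRules entry found in the pasted log text."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append(
                Rule(match["name"], match["action"], match["target"].strip())
            )
    return rules


def reasons_for(target):
    """Return the review reasons for one rule target (empty list = nothing to flag)."""
    if target.upper().startswith("LPORT="):
        # The log shows a local port instead of a program path for this rule.
        return ["port-only"]
    reasons = []
    if USER_WRITABLE_RE.match(target):
        reasons.append("user-writable")
    if not target.lower().endswith(".exe"):
        reasons.append("non-executable")
    return reasons


def triage(rules):
    """Group allow rules by target (case-insensitive) and keep the flagged ones."""
    counts = Counter(r.target.lower() for r in rules if r.action == "Allow")
    findings = {}
    for target, rule_count in counts.items():
        reasons = reasons_for(target)
        if reasons:
            findings[target] = {"rules": rule_count, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for target, info in sorted(triage(parse_rules(SAMPLE_LOG)).items()):
        print(f"{info['rules']} rule(s)  {', '.join(info['reasons']):<16} {target}")
```

A flagged entry is a candidate for review, not a verdict: the rule should be checked against what is actually installed and removed if the program is gone or unwanted.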


#5 outtawack311

Topic Starter

Posted 09 June 2015 - 09:59 PM

Oh I know how it was infected. I know the single file almost all of it came from too. I was too late to stop them from clicking the wrong button on a torrent site and they basically agreed to download and install a virus. I appreciate your help and you are not wasting your time. This was a one-off situation and that person is no longer using those sites on her own. I already removed a rootkit from this computer, but I really have no knowledge of Windows 8 and was not comfortable going any further on my own. It's been slower for two months and I didn't realize how bad it's gotten until I was forced to use it the other day when I ended up posting on here.

 

Although I didn't realize the firewall was letting everything under the sun through.

 

Here is the other scan

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_base.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_ruins.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_ruins_fx.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_upper.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_upper_fx.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\levels\textures\noise_cracked.tex
c:\program files (x86)\steam\steamapps\common\dont_starve\data\scripts\components\wisecracker.lua
c:\program files (x86)\steam\steamapps\common\dont_starve\mods\screecher\levels\textures\noise_cracked.tex
scanner sequence 3.CE.11.BXNALZ
 ----- EOF -----
 



#6 ken545

Malware Response Team

Posted 10 June 2015 - 05:12 AM

It looks like your copy of Steam may be cracked or illegal. Before we proceed you need to uninstall Steam and uTorrent and clean out that downloads folder. When you're done, run a new scan with CKScanner and post the log, then open up FRST64, make sure Additions is checked, run a new scan and post both the FRST64 and Additions logs.




#7 outtawack311

Topic Starter

Posted 10 June 2015 - 11:44 AM

Okay. I ran the first CKScanner and it came back with the same results after I followed your instructions to uninstall Steam, clear the dl folder, and uninstall uTorrent. Steam wasn't cracked, and the game Don't Starve that these files are from was legitimately bought through a Steam sale.

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_base.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_ruins.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_ruins_fx.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_upper.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\anim\nightmare_crack_upper_fx.zip
c:\program files (x86)\steam\steamapps\common\dont_starve\data\levels\textures\noise_cracked.tex
c:\program files (x86)\steam\steamapps\common\dont_starve\data\scripts\components\wisecracker.lua
c:\program files (x86)\steam\steamapps\common\dont_starve\mods\screecher\levels\textures\noise_cracked.tex
scanner sequence 3.DD.11.DXLBLA
 ----- EOF -----

 

Here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Cole (administrator) on COLEY on 10-06-2015 12:37:27
Running from C:\Users\Cole\Desktop
Loaded Profiles: Cole (Available Profiles: Cole)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\Cole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\32988BernardoZamora.SolitaireHD_1.13.0.34_neutral__1fgex2kbsn6g8\Solitaire.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Valve Corporation) C:\Config.Msi\a802e79.rbf
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
() C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ui\updateui.exe
(AVAST Software) C:\Users\Cole\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-03-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-03-02] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [Spotify] => C:\Users\Cole\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [Spotify Web Helper] => C:\Users\Cole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [Facebook Update] => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-27] (Facebook Inc.)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-421480889-2455255382-358523555-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-421480889-2455255382-358523555-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-421480889-2455255382-358523555-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
BHO-x32: Citrix URL-Redirection Helper -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll [2013-10-01] (Citrix Systems, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-421480889-2455255382-358523555-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.maxhealth.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.74

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-421480889-2455255382-358523555-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cole\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cole\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
R3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-21] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-03-02] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-21] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-03-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-25] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-19] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\Cole\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Cole\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 12:25 - 2015-06-10 12:25 - 00468480 _____ () C:\Users\Cole\Desktop\CKScanner.exe
2015-06-09 22:58 - 2015-06-10 12:35 - 00000912 _____ C:\Users\Cole\Desktop\ckfiles.txt
2015-06-09 20:50 - 2015-06-09 20:53 - 00055221 _____ C:\Users\Cole\Desktop\Addition.txt
2015-06-09 20:49 - 2015-06-10 12:37 - 00024305 _____ C:\Users\Cole\Desktop\FRST.txt
2015-06-09 20:48 - 2015-06-10 12:37 - 00000000 ____D C:\FRST
2015-06-09 20:45 - 2015-06-09 20:45 - 02108928 _____ (Farbar) C:\Users\Cole\Desktop\FRST64.exe
2015-06-09 20:43 - 2015-06-09 20:43 - 00002036 _____ C:\Users\Cole\Desktop\aswMBR.txt
2015-06-09 20:43 - 2015-06-09 20:43 - 00000512 _____ C:\Users\Cole\Desktop\MBR.dat
2015-06-09 19:48 - 2015-06-09 19:49 - 05198336 _____ (AVAST Software) C:\Users\Cole\Desktop\aswMBR.exe
2015-06-07 18:16 - 2015-06-07 18:17 - 00000165 ____H C:\Users\Cole\Desktop\~$UHC Referral Tracker New.xlsx
2015-06-07 11:42 - 2015-06-07 11:42 - 00016525 _____ C:\Users\Cole\Desktop\hijackthis.log
2015-06-07 11:22 - 2015-06-10 12:32 - 01125789 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-07 09:13 - 2015-06-07 09:13 - 00536410 _____ C:\Users\Cole\Desktop\cc_20150607_091328.reg
2015-06-07 09:04 - 2015-06-07 09:05 - 00000000 ____D C:\Program Files\CCleaner
2015-06-07 09:04 - 2015-06-07 09:04 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-06-07 09:04 - 2015-06-07 09:04 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-07 09:04 - 2015-06-07 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-04 22:04 - 2015-06-04 22:10 - 00011999 ____H C:\Users\Cole\Documents\~WRL2588.tmp
2015-06-04 20:22 - 2015-06-07 18:48 - 00035514 _____ C:\Users\Cole\Desktop\UHC Referral Tracker New.xlsx
2015-05-19 21:57 - 2015-05-19 21:57 - 00000000 ____D C:\Users\Public\Juniper Networks
2015-05-19 21:57 - 2015-05-19 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2015-05-19 21:57 - 2014-08-05 02:43 - 00594032 _____ (Juniper Networks) C:\WINDOWS\system32\dsNcSmartCardProv.dll
2015-05-19 21:57 - 2014-08-05 02:43 - 00423536 _____ (Juniper Networks) C:\WINDOWS\system32\dsNcCredProv.dll
2015-05-19 21:56 - 2015-05-19 21:57 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2015-05-19 21:55 - 2015-05-19 21:57 - 00000000 ____D C:\Users\Cole\AppData\Roaming\Juniper Networks
2015-05-19 21:55 - 2015-05-19 21:55 - 00000000 ____D C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2015-05-19 21:55 - 2015-05-19 21:55 - 00000000 ____D C:\Users\Cole\AppData\Local\Juniper Networks
2015-05-12 18:09 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-12 18:09 - 2015-03-12 20:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 18:09 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 12:36 - 2014-02-27 19:31 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001UA.job
2015-06-10 12:27 - 2013-09-07 03:00 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-421480889-2455255382-358523555-1001
2015-06-10 12:23 - 2013-10-18 10:57 - 00000000 ____D C:\Users\Cole
2015-06-10 12:23 - 2013-09-08 08:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-10 12:22 - 2013-11-21 20:44 - 00000000 ____D C:\Users\Cole\AppData\Roaming\uTorrent
2015-06-10 12:16 - 2014-10-05 13:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-10 12:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-10 11:24 - 2013-09-07 01:25 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{53D2B592-F84A-460B-BFCC-8913A4E4CAF5}
2015-06-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-09 21:52 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-09 21:48 - 2013-09-08 08:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 21:37 - 2013-09-08 08:45 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 20:16 - 2014-10-05 13:17 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-07 18:36 - 2014-02-27 19:31 - 00000914 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001Core.job
2015-06-07 18:10 - 2013-09-07 01:24 - 00000000 ____D C:\Users\Cole\AppData\Local\Packages
2015-06-07 09:45 - 2013-09-08 09:58 - 00000000 ____D C:\Users\Cole\Documents\Calibre Library
2015-06-07 09:11 - 2013-10-18 14:51 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-07 09:11 - 2013-09-07 03:16 - 00000000 ____D C:\Users\Cole\AppData\Local\CrashDumps
2015-06-07 08:59 - 2013-09-07 01:42 - 00000000 ____D C:\Users\Cole\AppData\Local\Google
2015-06-07 08:59 - 2013-09-07 01:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-04 21:17 - 2015-03-10 22:01 - 00000000 ____D C:\Users\Cole\AppData\Local\Microsoft Help
2015-06-04 21:02 - 2013-09-19 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-04 21:02 - 2013-09-19 20:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-04 20:20 - 2015-02-11 23:13 - 00000000 ____D C:\Users\Cole\Desktop\Work
2015-05-27 12:06 - 2014-03-28 18:27 - 00000000 ____D C:\Users\Cole\Desktop\Important Docs
2015-05-25 14:51 - 2013-11-21 22:57 - 00000000 ____D C:\Users\Cole\Desktop\Books
2015-05-25 09:51 - 2013-09-07 01:42 - 00003890 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 19:21 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-05-12 18:14 - 2013-09-29 23:51 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2015-03-18 18:31 - 2015-03-18 18:32 - 0000093 _____ () C:\Users\Cole\AppData\Roaming\ARCompanion.log
2015-04-05 14:58 - 2015-04-05 14:58 - 0007606 _____ () C:\Users\Cole\AppData\Local\Resmon.ResmonCfg
2013-03-19 14:32 - 2013-03-19 14:32 - 0010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 19:03

==================== End of log ============================

Here is the addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Cole at 2015-06-10 12:38:51
Running from C:\Users\Cole\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-421480889-2455255382-358523555-500 - Administrator - Disabled)
Cole (S-1-5-21-421480889-2455255382-358523555-1001 - Administrator - Enabled) => C:\Users\Cole
Guest (S-1-5-21-421480889-2455255382-358523555-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{FFA77D12-F183-4B97-8AFC-F9FB7339287A}) (Version: 1.2.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A64DC543-B6C3-4745-AAD6-AC9F1B765BCF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6457.0 - IDT)
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.3.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Neoteris_Host_Checker) (Version: 7.4.0.32125 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.32125 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Juniper_Setup_Client) (Version: 7.4.13.48589 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21226 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
ShowPass Smartbar (HKLM-x32\...\{E10AF25A-EB67-4904-9211-DA0CDFE6051C}) (Version: 11.128.76.20716 - ReSoft Ltd.) <==== ATTENTION
Spotify (HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.0.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-421480889-2455255382-358523555-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

27-05-2015 12:16:48 Scheduled Checkpoint
04-06-2015 20:47:13 Scheduled Checkpoint
09-06-2015 21:19:27 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-19 21:57 - 2015-05-19 22:28 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0977701D-C2E2-4C25-9A0E-81C4E5779382} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-421480889-2455255382-358523555-1001
Task: {20B26C70-FE28-41C4-9893-BDBBAA6590EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {2A27A636-BF3B-43FA-808A-5F3BBFC838C1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2C072D9F-32B0-45B6-9736-364895A1E0C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {35E2CC74-99B5-4805-9228-26418EE5555A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {47F50B82-D26B-4ACB-82D1-CDC829BED414} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5BF0CA94-03BB-4750-9A2D-F6853318EB39} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {5E9065A3-4010-4C64-83F2-F4B969A575BB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {611AF4B8-1DB8-48EA-9185-9C29516D3FDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {686B0372-4F87-4892-B276-D1BA6F53C222} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {6B5A5FB0-95B3-4C81-A605-4F12C60B408A} - \Tempo Runner cozahost No Task File <==== ATTENTION
Task: {6E0B772D-9D46-42D1-95A0-7488073E1933} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9371FA40-D70E-485E-A919-FE479D2E460E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A315FA78-43C9-44FA-AB34-191699A95449} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {ADC17158-BAFF-4F57-9CCC-083CFB655C6B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001UA => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-27] (Facebook Inc.)
Task: {B093D636-DEF0-454B-948C-3F35AE26E066} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B8544FF7-9FE8-48FA-801B-2545B13A3DE3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-25] (Synaptics Incorporated)
Task: {BA27724D-F785-4A57-8D90-DAEB9CDB5F93} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {BF715E1B-6BFD-4BA8-88CA-FE3FD40251E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {DF650006-F3A6-41AE-BCDB-6F04ABC42CA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {E4A6C7B9-C449-4A55-A3F5-15A01909A1CA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001Core => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-27] (Facebook Inc.)
Task: {F1D89647-BBF3-4980-9BF0-63D3B845A516} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {F3460F1D-A7BC-40CC-AABC-C347B9F66582} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001Core.job => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-421480889-2455255382-358523555-1001UA.job => C:\Users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-11 23:20 - 2013-10-23 14:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2013-04-15 18:45 - 2013-04-15 18:45 - 00182760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 18:45 - 2013-04-15 18:45 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2015-03-18 18:39 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00134144 _____ () C:\WINDOWS\system32\WinMetadata\Windows.ApplicationModel.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00096256 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Storage.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00020480 _____ () C:\WINDOWS\system32\WinMetadata\Windows.System.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00054784 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Globalization.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00169472 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Devices.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00112640 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Networking.winmd
2014-12-30 04:28 - 2014-12-30 04:28 - 05382656 _____ () C:\Program Files\WindowsApps\32988BernardoZamora.SolitaireHD_1.13.0.34_neutral__1fgex2kbsn6g8\Solitaire.exe
2014-11-28 18:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-04 15:25 - 2015-05-04 15:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
2015-05-09 11:05 - 2015-05-09 11:05 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-07-07 06:30 - 2013-03-21 10:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-05-21 18:13 - 2015-05-21 18:13 - 05803008 _____ () C:\Users\Cole\AppData\Local\Packages\32988BernardoZamora.SolitaireHD_1fgex2kbsn6g8\AC\Microsoft\CLR_v4.0_32\NativeImages\Solitaire\a51d3988f51a7402fd00657777af4b8f\Solitaire.ni.exe
2015-05-21 18:11 - 2015-05-21 18:11 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2015-05-21 18:12 - 2015-05-21 18:12 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-04-12 09:54 - 2014-11-21 07:52 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-09-19 20:27 - 2013-09-19 20:29 - 00196176 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL
2015-03-18 18:39 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2013-08-21 14:18 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-07 15:59 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-06-03 17:36 - 2015-06-04 14:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-07 15:59 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-07 15:59 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-12 18:23 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-08-28 13:47 - 2015-06-04 14:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-08 08:21 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-18 18:39 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00041248 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32api.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00059680 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pywintypes27.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00119072 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pythoncom27.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00562464 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\urlmon.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00401184 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iertutil.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00412448 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\WININET.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_multiprocessing.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00025376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32service.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00022816 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\servicemanager.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00018208 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32event.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00027424 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_socket.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00277280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ssl.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00113952 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_hashlib.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00016672 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\select.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00040736 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ctypes.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32process.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32ts.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00018720 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32profile.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00042784 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32security.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00336160 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_bsddb.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32evtlog.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00024864 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32inet.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00021280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\EnvironmentID.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00053536 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pyexpat.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00038176 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\MEFWRDsc.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00188704 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\unicodedata.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00065824 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\DIProvider.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00017696 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\IECDriver.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Cole\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-421480889-2455255382-358523555-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cole\Pictures\Jack Skellington.jpg
DNS Servers: 65.32.5.111 - 65.32.5.74

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3F386DFB3B085FF41B4FC731A399AF28"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-421480889-2455255382-358523555-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7F3F436B-2984-4715-89A7-F7D5D494A61F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{500F28F5-D47D-442F-AD8F-892A0D0BCB49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{5382AC49-8BBE-4A5C-8486-F16EBAA87354}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{8658C0FA-73E2-412C-9E3B-AF12AC23628E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{8FBF3F0A-B8F3-48D4-8AF0-67050E5560FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe
FirewallRules: [{CC397507-F6DC-4D08-82E5-674E1E1D73D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe
FirewallRules: [{F9AC17EA-7264-4B58-9A39-0217F18DD0B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (V) Chronicles\PCTomb5.exe
FirewallRules: [{EEA599CF-ACD8-4D36-964B-1E80DEDD2176}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (V) Chronicles\PCTomb5.exe
FirewallRules: [{15B6BC6C-65FF-4EC7-B459-8B7597071340}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{3C105F7C-BA1E-4E1C-8EE6-8CC1572507AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{01B70557-4769-4777-804A-302F9805B8EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{11EA6EA9-DE25-46B1-A5D4-1A543E967595}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{9F862D32-B105-466F-BE26-6AD7FBEB85C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (I)\dosbox.exe
FirewallRules: [{9E97533D-10C8-4493-BE11-446AC95CF358}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (I)\dosbox.exe
FirewallRules: [{5F480766-CA97-4327-99D1-C77E0B523B6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{1D7CB3D4-F069-4554-9E27-9A858E1F59D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{335384E1-8D08-4E10-BED8-30420F46396D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (II)\Tomb2.exe
FirewallRules: [{1D581318-BAF0-4A4E-8190-CAF44A6B67B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (II)\Tomb2.exe
FirewallRules: [{B1D17916-55DE-4B51-8EF4-BC9F89C01781}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{B33E38DA-60B4-40E0-903F-315A27E7FD58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{75A079D0-52A7-4D10-A933-AAC4404294C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2D1CAEF7-BA87-4FB0-AC3C-782820A3FCE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F35B4A29-690C-4BCA-B2F1-D76B42108F9E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{DFD17F40-BB69-4280-B3AC-97256276C9BF}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{231E81F2-CEEB-4BA5-BC73-D28C1662DB09}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DEC3AFCF-595B-4240-B315-0413C3E290C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E65FC77-2622-402E-90EA-0B9ED1A1D67F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCB94B78-947B-4E47-8962-A0FA37BCCC66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A1CE313-5CFA-4962-ADFC-DCD3C2DDC7D2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{886E021C-D88F-41E2-ABA4-7FF4DDF477C2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{4F01F569-19C5-4265-B864-2D8028E69F1E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{53B19FF5-900C-4462-98BB-1883458A5239}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{21C8C340-2040-427F-B2FC-FF22EBC7794C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{012CB2F5-2175-4536-AB53-776ABAAED803}] => (Allow) LPort=1900
FirewallRules: [{783E95BA-C65A-4062-9D7C-1E90947192C0}] => (Allow) LPort=2869
FirewallRules: [{6B73C783-3720-4D25-958A-3A84150371B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{731B1E9F-31E5-4CEE-B47C-95A838763EE4}C:\users\cole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BA50C7F5-195E-4986-8B12-ABCF891EBA3F}C:\users\cole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cole\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8EB3354D-F0C0-4FD5-9F74-D38682658555}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E353194C-BD22-4AAA-8384-542E942A0F61}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{25C04611-BD40-4A2D-A893-5F84F4990327}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\hm.exe
FirewallRules: [{3E72D09D-E2F8-4433-A93B-C114DFC858AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\hm.exe
FirewallRules: [{08199DBC-1F3B-4426-97C5-14A83CD4453E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{21DA28FF-3673-42BB-A305-AC1033933380}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{255A211D-7414-4698-B407-B2D9F0CB43F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{E55AF0E3-9F9D-4C1D-BB84-83B04CECA6AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{CCEDDC93-E9CA-4203-97E2-A7F9F0226CF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{A886BD4C-76DB-4E89-BA51-5149E2748E67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{F1215796-14D0-470A-99C9-355F43511FED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{5372F082-B238-4772-8FEA-1E2F1D11A989}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{6B1EBB51-9A97-4398-998E-B4AEAF1D2449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{22F8B9C6-769E-464B-9E7F-F7D5DDC6AF15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{C964F334-61B4-4C4A-9B62-701FAD0D3656}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{C1516ED3-9BF2-4F9E-9573-986F0667E998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{4256B0D0-2078-4BA6-B49D-0EC550948260}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{C8659392-AFD9-43B7-A4F1-56FC83701D75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{ADA1B1F9-1112-4C7F-9F90-208D5CF3AD4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{D283D1E9-0249-4099-953C-F03D2235C9C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{BAD4B1EC-E56B-4AFB-B33F-F6471953BA15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{24D69B70-ED8E-4978-A8ED-4824DF39FAED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{9EDB73B1-C99A-402B-85D8-B3CC66F0ECFB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F3603FD8-2325-4E22-8D21-6BD5144D8E8A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8CDAAFD-9E5C-45B2-88CD-E60539E48B75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{E2941CB0-2A48-4E23-9425-3B25513B2C13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{36F2F263-B2E3-49F6-A839-912F0E40E5FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{6F9B9A5B-18DD-4E3D-8025-C1EE85654676}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{05A33342-1247-4069-B521-E3ECFDC08C44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eleusis\Eleusis Game Launcher.exe
FirewallRules: [{D76C8BEE-223D-4757-BAED-73FBD6C0B9C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eleusis\Eleusis Game Launcher.exe
FirewallRules: [{764BB6BB-E6D9-409B-A550-E90F126F66AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LastExpress\TheLastExpressSteam.exe
FirewallRules: [{ADDC9431-23C0-40AF-94D9-6C304A15C248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LastExpress\TheLastExpressSteam.exe
FirewallRules: [{463056CE-DA10-4463-AE11-95A24F153632}] => (Allow) C:\Users\Cole\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{E8AE52A5-9A71-494C-B241-D04971DE80A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A33CAC87-48C2-4F8A-8208-FFB603AA49D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1578E09-93CD-4A1F-B84D-80716893765B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{30A245B6-689E-452F-BC8A-CE20A46D3675}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{EBBF9A85-19B0-45AE-80D9-13AB971B31C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{380579AC-4FC8-4A92-8F1D-7D2E2B4980C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{3CE5283A-0C21-4D00-80DD-65F964FFA32F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{C1E8B145-C396-44C6-AB62-A34275C7757C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{0993A4A7-CF16-4A6D-A8D1-587606858BD8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{010F60A2-BABF-4313-8866-380E2A89662C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{25FF6D7F-7A66-490A-865D-FD3561FF6D1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DCE05DF7-181C-4979-8CB9-BFFA8D139317}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2F5322E1-535C-4699-B595-EA1FB0ACA77B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2015 11:44:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 576c

Start Time: 01d0a39392c1188a

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 87985db9-0f87-11e5-bea3-68172965a850

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (06/10/2015 11:31:01 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2015 09:41:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2015 09:19:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/08/2015 10:53:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:55:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:45:50 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:40:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:35:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2015 09:30:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/10/2015 00:25:54 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 10:50:56 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 10:45:56 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 08:45:33 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 08:44:59 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 08:44:21 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 07:50:08 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/09/2015 07:48:38 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/07/2015 11:19:15 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/07/2015 11:18:45 PM) (Source: DCOM) (EventID: 10010) (User: COLEY)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Microsoft Office:
=========================
Error: (06/10/2015 11:44:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415576c01d0a39392c1188a4294967295C:\WINDOWS\syswow64\wwahost.exe87985db9-0f87-11e5-bea3-68172965a850Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (06/10/2015 11:31:01 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/09/2015 09:41:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/09/2015 09:19:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/08/2015 10:53:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:55:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:45:50 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:40:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:35:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/07/2015 09:30:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

CodeIntegrity Errors:
===================================
  Date: 2015-06-09 22:52:04.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 22:52:04.013
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 22:18:32.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 22:18:32.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-09 22:05:12.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-09 22:05:12.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-10 19:32:43.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-10 19:32:43.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 57%
Total physical RAM: 7964.15 MB
Available physical RAM: 3347.34 MB
Total Pagefile: 11804.15 MB
Available Pagefile: 6210.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:671.65 GB) (Free:552.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.87 GB) (Free:2.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EF0C38A7)

Partition: GPT Partition Type.

==================== End of log ============================

 

 

Thank you.
 



#8 ken545

Malware Response Team

Posted 10 June 2015 - 12:25 PM

No problem with Steam if you say it's legal. I have seen even with legal copies of Steam that some people use the torrents to download games for free, but I think you know now that's not a good option if you want a malware free system.

 

 
Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents inside of the code box below, beginning with START and ending with END.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Name the file FIXLIST and save it to your desktop where you have FRST/FRST64, or the fix won't work. After you download it, open up FRST64 and click on FIX (not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop. Post it please.
Start
CloseProcesses:
CreateRestorePoint: 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-421480889-2455255382-358523555-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-421480889-2455255382-358523555-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
2015-06-10 12:22 - 2013-11-21 20:44 - 00000000 ____D C:\Users\Cole\AppData\Roaming\uTorrent
Task: {6B5A5FB0-95B3-4C81-A605-4F12C60B408A} - \Tempo Runner cozahost No Task File <==== ATTENTION
FirewallRules: [{8EB3354D-F0C0-4FD5-9F74-D38682658555}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E353194C-BD22-4AAA-8384-542E942A0F61}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Also let me know if you feel your system is running a bit better.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#9 outtawack311

Topic Starter

Posted 10 June 2015 - 04:45 PM

I ran the script and it is definitely faster overall, but the browser still seems slower than it should be. Instead of 30 seconds to a minute to start it was down to about 10. The new tabs are much faster than before.

 

*edit* I just closed the browser and reopened it and it was instantaneous. Definitely much better.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Cole at 2015-06-10 17:22:43 Run:1
Running from C:\Users\Cole\Desktop
Loaded Profiles: Cole (Available Profiles: Cole)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-421480889-2455255382-358523555-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-421480889-2455255382-358523555-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
2015-06-10 12:22 - 2013-11-21 20:44 - 00000000 ____D C:\Users\Cole\AppData\Roaming\uTorrent
Task: {6B5A5FB0-95B3-4C81-A605-4F12C60B408A} - \Tempo Runner cozahost No Task File <==== ATTENTION
FirewallRules: [{8EB3354D-F0C0-4FD5-9F74-D38682658555}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E353194C-BD22-4AAA-8384-542E942A0F61}] => (Allow) C:\Users\Cole\AppData\Roaming\uTorrent\uTorrent.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-421480889-2455255382-358523555-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-421480889-2455255382-358523555-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72351B45-9636-4F99-820B-7C552D27897D}}" => key removed successfully
HKCR\Wow6432Node\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}} => key not found.
C:\Users\Cole\AppData\Roaming\uTorrent => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B5A5FB0-95B3-4C81-A605-4F12C60B408A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B5A5FB0-95B3-4C81-A605-4F12C60B408A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner cozahost" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8EB3354D-F0C0-4FD5-9F74-D38682658555} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E353194C-BD22-4AAA-8384-542E942A0F61} => value removed successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 905.9 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:23:51 ====


Edited by outtawack311, 10 June 2015 - 04:48 PM.
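An added example (not part of the original posts and not FRST's own code): a small Python triage of a Fixlog like the one posted above, which tallies the `=>` result lines and surfaces any `CMD:` section whose output reports a failure, as the `ipconfig /flushdns` step does here. The sample log is shortened from the Fixlog above; the outcome classes and the failure keywords are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the same layout as the one posted above.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
==============================================

fixlist content:
*****************
Start
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
C:\Users\Cole\AppData\Roaming\uTorrent => moved successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 905.9 MB temporary data Removed.

==== End of Fixlog 17:23:51 ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')
CMD_START_RE = re.compile(r'^=+\s+(?P<cmd>.+?)\s+=+$')
CMD_END_RE = re.compile(r'^=+\s*End of CMD:\s*=+$')
# Assumed heuristics for "this command did not work"; extend as needed.
FAILURE_HINTS = ('could not', 'failed', 'access is denied', 'not recognized')


def _close(section, truncated=False):
    """Finish a CMD section and decide whether its output looks like a failure."""
    text = ' '.join(section['output']).lower()
    section['truncated'] = truncated
    section['failed'] = truncated or any(h in text for h in FAILURE_HINTS)
    return section


def parse_fixlog(text):
    """Return (results, commands) from the part of the log after the fixlist echo."""
    results, commands = [], []
    in_echo, stars_seen, current = False, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith('fixlist content'):
            in_echo = True            # echoed fixlist also contains "=>"; skip it
            continue
        if in_echo:
            if set(line) == {'*'}:
                stars_seen += 1
                in_echo = stars_seen < 2
            continue
        if line.startswith('=') and 'End of Fixlog' in line:
            break
        if CMD_END_RE.match(line):
            if current is not None:
                commands.append(_close(current))
                current = None
            continue
        if current is not None:       # inside a CMD section: keep raw output
            current['output'].append(line)
            continue
        m = CMD_START_RE.match(line)
        if m:
            current = {'cmd': m.group('cmd'), 'output': []}
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group('target'), m.group('outcome').rstrip('.')))
    if current is not None:           # log ended inside a CMD section
        commands.append(_close(current, truncated=True))
    return results, commands


def classify(outcome):
    """Bucket an outcome string; anything unrecognised is left for manual review."""
    o = outcome.lower()
    if 'not found' in o:
        return 'not_found'
    if 'successfully' in o or 'removed' in o:
        return 'changed'
    return 'needs_review'


def review(text):
    """Tally result lines and list the CMD sections that appear to have failed."""
    results, commands = parse_fixlog(text)
    tally = Counter(classify(outcome) for _, outcome in results)
    failed = [c['cmd'] for c in commands if c['failed']]
    return tally, failed


if __name__ == '__main__':
    tally, failed = review(SAMPLE_FIXLOG)
    print(dict(tally))
    print('failed commands:', failed)
```
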


#10 ken545

Malware Response Team

Posted 10 June 2015 - 06:21 PM

:thumbup2:

 

What browser are you talking about?




#11 outtawack311

Topic Starter

Posted 10 June 2015 - 06:36 PM

Well I uninstalled Chrome when it wasn't allowing me to download adblocker and recreating the hosts file didn't work...so right now IE. Also, it's still giving me flushdns errors. Is that related to this same issue?



#12 ken545

Malware Response Team

Posted 10 June 2015 - 06:44 PM

  • Open IE
  • Go to Tools> Internet Options > Advanced Tab
  • Reset Internet Explorer Setting
  • Reset
  • This will take a few seconds
  • Close IE and then reopen it and see if it helped



#13 ken545

Malware Response Team

Posted 10 June 2015 - 06:46 PM

With the last fix with FRST, we flushed the DNS cache and also replaced the hosts file with a current copy, so you're good in that area.




#14 outtawack311

Topic Starter

Posted 10 June 2015 - 07:52 PM

Thanks for all of your help. It seems to be fine now.



#15 ken545

Malware Response Team

Posted 10 June 2015 - 08:00 PM

Great, so glad things are back to normal for you.

Double click on AdwCleaner.exe to run the tool again.
• Click on the Uninstall button.
• Click Yes when asked are you sure you want to uninstall.
• Both AdwCleaner.exe, its folder and all logs will be removed.

==========================================================

Please download DelFix and save the file to your Desktop.

• Windows XP: Double click DelFix.exe to run the program.
• Windows Vista > Win 7 > Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR.
• Checkmark "Remove Disinfection Tools"
• Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.

==========================================================

1. Keep Windows up to date. It's important that you let Windows install new updates when they're available; this fixes insecurities in your system, making it more secure.

2. Make sure you use an antivirus program. Just one is needed; more than one is overkill and will hamper system performance. Just use one, keep it updated and run regular scans.
Here are some free programs if you need one

Safe Surfn
Ken

     

