Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cleaning daughters laptop..something is still there though [Solved]


  • This topic is locked This topic is locked

#1
allforhimblog

allforhimblog

    Member

  • Member
  • PipPip
  • 98 posts

My daughter downloaded something for Minecraft and it downloaded lots of malware.  I think I've gotten it mostly cleaned up but there still something left I believe.  Attached are the frst logs

 

I've come here before and y'all were absolutely amazing, so for this, I'm grateful again!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Casey Craymer (administrator) on CASEYS-PC (06-08-2015 06:24:52)
Running from C:\Users\Casey Craymer\Downloads
Loaded Profiles: Casey Craymer (Available Profiles: Casey Craymer)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.h...HPtab&tp=iehome
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.h...HPtab&tp=iehome
SearchScopes: HKLM -> {4EF6F0A9-5F5C-4114-BBDC-F318FA308093} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {4EF6F0A9-5F5C-4114-BBDC-F318FA308093} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {4EF6F0A9-5F5C-4114-BBDC-F318FA308093} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.bing.com/...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D2ED3EC6-EB0D-4F05-804F-7B7D9A236D4F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DD3DD6C3-9D3C-48C7-9335-673FF8F160E1}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-05]
 
Chrome: 
=======
CHR Profile: C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-06]
CHR Extension: (Google Search) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-06]
CHR Extension: (Google Sheets) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Avast Online Security) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-06]
CHR Extension: (Google Wallet) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (AdZap 
 Block ads across the web) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-08-06]
CHR Extension: (Gmail) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-06 06:24 - 2015-08-06 06:25 - 00017660 _____ C:\Users\Casey Craymer\Downloads\FRST.txt
2015-08-06 06:24 - 2015-08-06 06:24 - 02169856 _____ (Farbar) C:\Users\Casey Craymer\Downloads\FRST64.exe
2015-08-06 06:24 - 2015-08-06 06:24 - 00000000 ____D C:\FRST
2015-08-06 06:10 - 2015-08-06 06:10 - 00001144 _____ C:\Users\Casey Craymer\Desktop\JRT.txt
2015-08-06 05:58 - 2015-08-06 05:58 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\GWX
2015-08-05 20:31 - 2015-06-27 23:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-05 20:31 - 2015-06-27 23:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-05 20:31 - 2015-06-27 23:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-05 20:31 - 2015-06-27 23:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-05 20:31 - 2015-06-27 10:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-05 20:31 - 2015-06-26 21:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-05 20:31 - 2015-06-26 21:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-05 20:31 - 2015-06-26 21:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-05 20:31 - 2015-06-26 20:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-08-05 20:31 - 2015-06-26 20:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-05 20:31 - 2015-06-26 20:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-05 20:31 - 2015-06-26 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-08-05 20:31 - 2015-06-26 19:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-05 20:31 - 2015-06-24 20:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-05 20:31 - 2015-06-15 16:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-05 20:31 - 2015-06-15 16:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-05 20:31 - 2015-06-15 15:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-05 20:31 - 2015-06-15 15:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-05 20:31 - 2015-06-15 14:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-05 20:31 - 2015-06-15 13:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-05 20:31 - 2015-05-07 11:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-05 20:31 - 2015-05-07 11:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-05 20:31 - 2015-05-07 10:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-05 20:31 - 2015-05-07 10:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-05 20:31 - 2015-05-07 09:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-08-05 20:31 - 2015-05-07 09:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-08-05 20:31 - 2015-05-02 18:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-08-05 20:31 - 2015-04-29 17:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-08-05 20:31 - 2015-04-24 20:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-08-05 20:31 - 2014-11-04 13:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-08-05 20:31 - 2014-11-04 13:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-08-05 20:31 - 2014-11-04 00:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-08-05 20:30 - 2015-07-09 13:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-05 20:30 - 2015-07-09 12:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-05 20:30 - 2015-07-09 10:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-05 20:30 - 2015-07-09 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-05 20:30 - 2015-07-09 09:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-05 20:30 - 2015-07-09 09:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-05 20:30 - 2015-07-09 09:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-05 20:30 - 2015-07-09 09:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-05 20:30 - 2015-07-09 09:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-05 20:30 - 2015-07-09 09:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-05 20:30 - 2015-07-09 09:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-05 20:30 - 2015-07-09 09:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-05 20:30 - 2015-07-09 09:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-05 20:30 - 2015-07-01 16:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-05 20:30 - 2015-07-01 15:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-05 20:30 - 2015-06-26 21:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-05 20:30 - 2015-06-26 21:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-05 20:30 - 2015-06-26 20:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-05 20:30 - 2015-05-30 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-08-05 20:30 - 2015-05-30 13:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-08-05 20:30 - 2015-05-30 13:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-08-05 20:30 - 2015-05-03 09:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 20:30 - 2015-05-03 08:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 20:30 - 2015-05-03 08:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-08-05 20:30 - 2015-05-03 08:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-08-05 20:29 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-05 20:29 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-05 20:29 - 2015-07-02 14:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-05 20:29 - 2015-07-02 14:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-05 20:29 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-05 20:29 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-05 20:29 - 2015-07-02 13:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-05 20:29 - 2015-07-02 12:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-05 20:28 - 2015-06-15 16:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-05 20:28 - 2015-06-15 16:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-05 20:28 - 2015-06-15 16:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-05 20:28 - 2015-06-15 16:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-05 20:28 - 2015-06-15 16:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-08-05 20:28 - 2015-06-15 15:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-05 20:28 - 2015-06-15 15:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-05 20:28 - 2015-06-15 15:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-05 20:28 - 2015-06-15 15:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-05 20:28 - 2015-06-15 15:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-05 20:28 - 2015-06-15 15:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-05 20:28 - 2015-06-15 15:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-05 20:28 - 2015-06-15 15:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-05 20:28 - 2015-06-15 15:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-05 20:28 - 2015-06-15 15:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-05 20:28 - 2015-06-15 15:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-05 20:28 - 2015-06-15 15:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-05 20:28 - 2015-06-15 15:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-05 20:28 - 2015-06-15 15:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-05 20:28 - 2015-06-15 14:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-05 20:28 - 2015-06-15 14:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-08-05 20:28 - 2015-06-15 14:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-05 20:28 - 2015-06-15 14:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-05 20:28 - 2015-06-15 14:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-08-05 20:28 - 2015-06-15 14:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-05 20:28 - 2015-06-15 14:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-05 20:28 - 2015-06-15 14:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-08-05 20:28 - 2015-06-15 14:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-05 20:28 - 2015-06-15 14:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-05 20:28 - 2015-06-15 14:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-05 20:28 - 2015-06-15 14:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-05 20:28 - 2015-06-15 14:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-05 20:28 - 2015-06-15 14:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-05 20:28 - 2015-06-10 21:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-05 20:28 - 2015-06-10 10:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-05 20:28 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-05 20:28 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-05 20:28 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-05 20:28 - 2015-05-22 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-05 20:28 - 2015-05-22 12:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-05 20:28 - 2015-05-12 07:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-08-05 20:28 - 2015-04-28 07:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-08-05 20:28 - 2015-04-28 07:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-08-05 20:26 - 2015-06-15 23:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-05 20:26 - 2015-06-15 23:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-05 20:26 - 2015-05-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-05 20:26 - 2015-05-25 07:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-05 20:26 - 2015-05-11 10:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-08-05 20:26 - 2015-05-03 09:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-08-05 20:26 - 2015-05-03 08:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-08-05 20:26 - 2015-05-01 17:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-05 20:25 - 2015-05-07 10:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-05 20:24 - 2015-07-25 07:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-05 20:24 - 2015-06-29 16:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-05 20:24 - 2015-06-29 09:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-05 20:24 - 2015-06-26 17:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-05 20:24 - 2015-06-26 17:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-05 20:24 - 2015-05-21 07:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-05 20:24 - 2015-04-23 09:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-08-05 20:24 - 2015-04-23 09:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-05 20:23 - 2015-07-14 08:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-05 20:09 - 2015-04-24 20:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-08-05 20:09 - 2015-04-24 20:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-08-05 20:09 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-08-05 20:09 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-08-05 20:09 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-08-05 20:09 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-08-05 20:09 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-08-05 20:09 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-08-05 20:09 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-08-05 20:09 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-08-05 20:09 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-08-05 20:09 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-08-05 20:09 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-08-05 20:08 - 2015-04-16 00:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-08-05 20:08 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-08-05 20:08 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-08-05 20:08 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-08-05 20:08 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-08-05 20:08 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-08-05 20:08 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-08-05 20:08 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-08-05 20:08 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-08-05 20:08 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-08-05 20:08 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-08-05 20:08 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-08-05 20:08 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-08-05 20:08 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-08-05 19:11 - 2015-08-05 19:11 - 04923920 _____ (McAfee, Inc.) C:\Users\Casey Craymer\Downloads\MCPR.exe
2015-08-05 19:02 - 2015-08-05 19:02 - 00000000 ____D C:\Users\Casey Craymer\AppData\Roaming\AVAST Software
2015-08-05 19:01 - 2015-08-05 19:01 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-05 19:01 - 2015-08-05 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 18:59 - 2015-08-05 18:59 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 18:59 - 2015-08-05 18:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-05 18:59 - 2015-08-05 18:58 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-05 18:59 - 2015-08-05 18:58 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-05 18:58 - 2015-08-05 18:58 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-05 18:57 - 2015-08-05 18:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-05 18:54 - 2015-08-05 18:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-05 18:52 - 2015-08-05 19:12 - 00000384 _____ C:\Windows\Tasks\HPCeeScheduleForCasey Craymer.job
2015-08-05 18:52 - 2015-08-05 18:52 - 00003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCasey Craymer
2015-08-05 18:50 - 2015-08-05 19:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 18:49 - 2015-08-05 18:49 - 05685584 _____ (AVAST Software) C:\Users\Casey Craymer\Downloads\avast_free_antivirus_setup_online.exe
2015-08-05 18:49 - 2015-08-05 18:49 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-05 18:49 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-05 18:49 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-05 18:49 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-05 18:48 - 2015-08-05 18:48 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Casey Craymer\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-05 18:47 - 2015-08-05 18:47 - 02248704 _____ C:\Users\Casey Craymer\Desktop\AdwCleaner.exe
2015-08-05 18:44 - 2015-08-05 19:46 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 18:44 - 2015-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 18:43 - 2015-08-06 06:19 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 18:43 - 2015-08-06 05:48 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 18:43 - 2015-08-05 18:44 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Google
2015-08-05 18:43 - 2015-08-05 18:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-05 18:43 - 2015-08-05 18:43 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-05 18:43 - 2015-08-05 18:43 - 00003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-05 18:42 - 2015-08-05 18:43 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Deployment
2015-08-05 18:42 - 2015-08-05 18:42 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Apps\2.0
2015-08-05 18:32 - 2015-08-05 18:32 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-08-05 18:24 - 2013-04-01 23:19 - 00574464 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-08-05 17:50 - 2015-08-06 06:15 - 00000000 ____D C:\AdwCleaner
2015-08-05 17:35 - 2015-08-05 18:30 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Casey Craymer\Desktop\JRT.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-06 06:26 - 2014-12-25 15:47 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7032B7AA-6923-4327-B1E4-E70FBBC92DFE}
2015-08-06 06:23 - 2014-12-25 15:12 - 00000000 ____D C:\Users\Casey Craymer\Documents\Youcam
2015-08-06 06:18 - 2013-08-22 08:46 - 00031409 _____ C:\Windows\setupact.log
2015-08-06 06:18 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 06:06 - 2014-12-25 15:10 - 01725398 _____ C:\Windows\WindowsUpdate.log
2015-08-06 06:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-06 04:34 - 2013-08-22 08:44 - 00354888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-06 04:32 - 2014-03-18 03:44 - 00071192 _____ C:\Windows\PFRO.log
2015-08-06 04:30 - 2015-04-22 17:16 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-06 04:30 - 2015-04-22 17:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 04:30 - 2014-12-30 22:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 04:30 - 2014-12-30 22:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\WinStore
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-06 04:19 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-06 04:02 - 2014-12-30 12:35 - 00000000 ____D C:\Windows\system32\MRT
2015-08-06 03:54 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-05 23:30 - 2015-06-04 13:15 - 00000000 ____D C:\ProgramData\BefvaUno
2015-08-05 22:37 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-08-05 22:10 - 2014-12-25 15:16 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372550845-1202683925-3875372593-1001
2015-08-05 19:46 - 2015-06-04 11:01 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2015-08-05 19:14 - 2013-08-22 09:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-05 19:05 - 2015-06-15 21:42 - 00000000 ____D C:\Windows\pss
2015-08-05 18:52 - 2015-06-01 16:29 - 00000000 ____D C:\Program Files\OBS
2015-08-05 18:52 - 2015-06-01 16:29 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-05 18:52 - 2014-12-25 15:10 - 00000000 ____D C:\Users\Casey Craymer
2015-08-05 18:48 - 2015-06-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-08-05 18:48 - 2015-06-01 16:18 - 00003114 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2372550845-1202683925-3875372593-1001
2015-08-05 18:48 - 2015-04-16 15:22 - 00000000 ___RD C:\Users\Casey Craymer\OneDrive
2015-08-05 18:46 - 2014-07-18 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-05 18:39 - 2015-06-04 13:16 - 00004632 _____ C:\Windows\SysWOW64\Oduvxhow.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\SysWOW64\OduvxhowOff.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\system32\OduvxhowOff.ini
2015-08-05 18:39 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-05 18:34 - 2014-08-14 15:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-08-05 18:24 - 2014-03-31 19:07 - 00000000 ____D C:\SWSetup
2015-08-05 17:27 - 2015-06-04 11:11 - 00000000 ____D C:\Users\Casey Craymer\AppData\Roaming\Open Download Manager
2015-08-05 17:27 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-04 17:10 - 2015-05-03 14:04 - 00000000 ____D C:\PaintToolSAI
2015-07-28 19:18 - 2015-05-29 19:18 - 00003208 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCASEYS-PC$
2015-07-28 19:18 - 2015-05-29 19:18 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForCASEYS-PC$.job
2015-07-26 23:16 - 2015-04-12 13:58 - 00000000 ____D C:\Users\Casey Craymer\.gimp-2.8
2015-07-13 15:10 - 2015-05-22 20:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 15:10 - 2015-05-22 20:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-06-13 13:19 - 2015-06-13 13:19 - 0000000 _____ () C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp
2015-06-08 23:18 - 2015-06-22 15:13 - 0000098 _____ () C:\Users\Casey Craymer\AppData\Roaming\WB.CFG
2015-05-20 23:49 - 2015-05-25 14:58 - 0006144 _____ () C:\Users\Casey Craymer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-22 20:29 - 2015-06-22 20:29 - 0003389 _____ () C:\Users\Casey Craymer\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\Casey Craymer\AppData\Local\Temp\DownPageDll.dll
C:\Users\Casey Craymer\AppData\Local\Temp\gb-installer-nsi.exe
C:\Users\Casey Craymer\AppData\Local\Temp\gb-update.exe
C:\Users\Casey Craymer\AppData\Local\Temp\nxp7yujv.dll
C:\Users\Casey Craymer\AppData\Local\Temp\Quarantine.exe
C:\Users\Casey Craymer\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Casey Craymer\AppData\Local\Temp\SpOrder.dll
C:\Users\Casey Craymer\AppData\Local\Temp\sqlite3.dll
C:\Users\Casey Craymer\AppData\Local\Temp\_is1705.exe
C:\Users\Casey Craymer\AppData\Local\Temp\_is6F46.exe
C:\Users\Casey Craymer\AppData\Local\Temp\_isD31F.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-06 03:52
 
==================== End of log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Casey Craymer (2015-08-06 06:26:56)
Running from C:\Users\Casey Craymer\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2372550845-1202683925-3875372593-500 - Administrator - Disabled)
Casey Craymer (S-1-5-21-2372550845-1202683925-3875372593-1001 - Administrator - Enabled) => C:\Users\Casey Craymer
Guest (S-1-5-21-2372550845-1202683925-3875372593-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.100 - Ezvid, inc.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Casey Craymer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
01-06-2015 16:08:27 Installed DirectX
05-08-2015 18:56:06 avast! antivirus system restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {243309CA-74DE-42D4-B545-8D7938BF0CFF} - \PastaLeads No Task File <==== ATTENTION
Task: {55AF833A-24CA-435F-8F53-137266434B61} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2372550845-1202683925-3875372593-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {70EC4B74-03B5-4C21-92C2-C7AF5369147A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {77046444-CE20-4C65-B8BE-EAAE0D98966D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {77081AA9-7DBE-4F12-BF54-8B1D05F98A3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7E6A0A41-4442-4C4F-A7F6-7801D7F3DDC9} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {848A1BE4-1017-433F-92E4-E0794018FB8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {8861313B-D366-4600-96E7-8A500ABA969A} - System32\Tasks\HPCeeScheduleForCASEYS-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8FBDF014-D105-4E95-940D-1697F3A37061} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-05] (AVAST Software)
Task: {8FD00FA0-25E0-4A09-BA92-3C57CF152895} - System32\Tasks\HPCeeScheduleForCasey Craymer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {90FEC829-55FA-4C4C-BABB-9C7DB1EEDA8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {99DF7F7E-4552-4926-8C29-2D25AE8F8639} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP HEALTH CHECK\ACTIVECHECK\PRODUCT_LINE\DETECTION_TOASTNOTIFY.EXE [2015-05-21] (Hewlett-Packard)
Task: {BDD68644-4562-4224-90F3-79F145D85E0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {D523CF7E-87FA-4908-8375-517F54DE1960} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {F7666804-AA43-4288-AFB7-270B769456B5} - System32\Tasks\PaintTool SAI => C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp\prsetup.exe [2015-04-03] (SystemaxJP, Inc.                                            ) <==== ATTENTION
Task: {FE6330E4-DA99-4E4C-A5F6-672973822F8E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCasey Craymer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCASEYS-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 14:31 - 2014-03-28 14:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-03 18:10 - 2015-02-26 16:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-03-28 14:36 - 2014-03-28 14:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-08-05 18:58 - 2015-08-05 18:58 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-05 18:58 - 2015-08-05 18:58 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-06 04:34 - 2015-08-06 04:34 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080601\algo.dll
2015-08-05 18:58 - 2015-08-05 18:58 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Casey Craymer\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey Craymer\Pictures\inobkblrbgjinte.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: caa89563 => 2
MSCONFIG\Services: cae99edb => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: csrcc => 2
MSCONFIG\Services: d54b8bbd-6b74-4d90-b801-8120aa8b2438 => 2
MSCONFIG\Services: NetHttpService => 2
MSCONFIG\Services: PastaLeadsUpdaterService => 2
MSCONFIG\Services: PCTechHotlineSvc => 2
MSCONFIG\Services: scsvc_1.10.0.16 => 2
MSCONFIG\Services: SC_Svc => 2
MSCONFIG\Services: shopperz Updater => 2
MSCONFIG\Services: Update Edu App => 2
MSCONFIG\Services: UpdateCheck => 2
MSCONFIG\Services: Util Edu App => 2
MSCONFIG\Services: VOTPrx => 2
MSCONFIG\Services: WaInternetEnhancer Service => 2
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "SpywareClearShield"
HKLM\...\StartupApproved\Run: => "SpywareClearUpdater"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKLM\...\StartupApproved\Run32: => "WinCheck"
HKLM\...\StartupApproved\Run32: => "gmsd_us_657"
HKLM\...\StartupApproved\Run32: => "PCAcceleratePro"
HKLM\...\StartupApproved\Run32: => "PCTechHotline"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "pricefountainw.exe"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "PastaLeadsApplication"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Only-search"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Open Download Manager"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Super Optimizer"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "UpdateAdmin"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BCBDDDE-36A0-469E-93A3-891E98FF4E3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4346F0E9-FA1A-4E54-A09D-5CA6AABA2634}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{561D27B8-CCD3-4987-8217-EA388574677F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6282F28E-3B4C-44A7-9581-5C1BAA1A9A1C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B36BF27-B1A7-4509-90C1-E7AAA8769611}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F602CFE-A6CE-4E23-A97D-8D0CF6570A53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{2F37B2F5-BFED-4A6E-953B-4B9D1D7D919E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3C4D2BA5-ABC6-4875-BB7F-268C46BCB5F0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{21E601CA-A1E3-430F-9097-BD279699E321}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A6845C23-8D37-4298-A6B9-8DB34CFA6C3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{24903623-7837-4485-AAE4-F14E21A66A36}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CD90F08F-9854-4D0A-A2F3-9B3E298B7DB8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A1C7DDA2-8C73-4361-89B7-2462C7162599}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9590EF66-ADC1-4B55-B0A8-6275A5E12711}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E249434F-7E47-422A-A867-7142A35591F4}] => (Allow) LPort=2869
FirewallRules: [{D1692D05-788A-485E-BE29-AADF32D6DC3F}] => (Allow) LPort=1900
FirewallRules: [{3765D69D-1D59-47C3-B7C3-D12551091DFD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{590BB88D-7C81-495C-B4C7-7CAD60245295}] => (Allow) C:\Users\Casey Craymer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3FE72CB0-DAC8-466A-827A-65CB74CEA532}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{38F18DF2-7858-469D-AB47-BD260BFF6767}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{A2BC99B1-BEA7-4AC7-809A-4C0A8C406AD4}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{91F9FCEE-595B-42D9-A01A-95913DA6ACD6}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{0C8DA51A-FF70-4DD5-9288-832F3D93DDB0}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{1EA903D5-D351-4D46-9DF0-DD21FF762B1F}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{CC28F205-0133-4A59-A95D-43BCBD4B47E5}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{43394BF4-A812-424F-89A8-6411A9AAB88E}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{2CCD6CFA-3B03-4746-A019-31164B2EEF4C}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{815A3C12-7DEE-4186-9BDE-0EE42F4199CD}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{7A7E693B-1552-47E0-AF67-D58E401F14AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/05/2015 07:08:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app 2703103D.McAfeeCentral_4ehj4w4frejdr!McAfeeCentral failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service rusukabgu since QueryServiceConfig API failed
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service nifwoufp since QueryServiceConfig API failed
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service LuocaPopcof since QueryServiceConfig API failed
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Qypausa113 service.
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Gazmelp113 service.
 
System Error:
Access is denied.
.
 
Error: (06/22/2015 08:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2015 04:29:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2015 04:29:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2015 04:29:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10010) (User: Caseys-PC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (08/06/2015 06:17:13 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/06/2015 06:17:08 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office:
=========================
Error: (08/05/2015 07:08:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: 2703103D.McAfeeCentral_4ehj4w4frejdr!McAfeeCentral-2144927149
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service rusukabgu since QueryServiceConfig API failed
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service nifwoufp since QueryServiceConfig API failed
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service LuocaPopcof since QueryServiceConfig API failed
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Qypausa113 service.
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Gazmelp113 service.
 
System Error:
Access is denied.
 
Error: (06/22/2015 08:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
Error: (06/22/2015 04:29:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
Error: (06/22/2015 04:29:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
Error: (06/22/2015 04:29:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
 
CodeIntegrity:
===================================
  Date: 2015-06-07 16:45:54.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:43:46.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:30:09.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:29:24.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:29:10.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:28:49.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:28:12.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-04 16:42:39.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-04 16:42:37.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-04 16:42:36.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 41%
Total physical RAM: 3986.95 MB
Available physical RAM: 2314.88 MB
Total Virtual: 5202.95 MB
Available Virtual: 3424.87 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.62 GB) (Free:397.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, lets get the young lass sorted out

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.h...HPtab&tp=iehome
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.h...HPtab&tp=iehome
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR Extension: (AdZap Block ads across the web) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-08-06]
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [X]
2015-08-05 23:30 - 2015-06-04 13:15 - 00000000 ____D C:\ProgramData\BefvaUno
2015-08-05 18:48 - 2015-06-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-08-05 18:46 - 2014-07-18 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-05 18:39 - 2015-06-04 13:16 - 00004632 _____ C:\Windows\SysWOW64\Oduvxhow.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\SysWOW64\OduvxhowOff.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\system32\OduvxhowOff.ini
2015-06-13 13:19 - 2015-06-13 13:19 - 0000000 _____ () C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp
Task: {243309CA-74DE-42D4-B545-8D7938BF0CFF} - \PastaLeads No Task File <==== ATTENTION
Task: {F7666804-AA43-4288-AFB7-270B769456B5} - System32\Tasks\PaintTool SAI => C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp\prsetup.exe [2015-04-03] (SystemaxJP, Inc. ) <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
C:\Program Files (x86)\WaInternetEnhancer
C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY

Set Avast to detect these bad boys

Open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
Place a tick in "Silent /Gaming mode"
pups.JPG
  • 0

#3
allforhimblog

allforhimblog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Thanks sooo much for the quick response, attached are the two logs requested!!

 

 

fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Casey Craymer (2015-08-06 12:26:55) Run:1
Running from C:\Users\Casey Craymer\Desktop
Loaded Profiles: Casey Craymer (Available Profiles: Casey Craymer)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.h...HPtab&tp=iehome
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.h...HPtab&tp=iehome
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR Extension: (AdZap Block ads across the web) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-08-06]
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [X]
2015-08-05 23:30 - 2015-06-04 13:15 - 00000000 ____D C:\ProgramData\BefvaUno
2015-08-05 18:48 - 2015-06-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-08-05 18:46 - 2014-07-18 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-05 18:39 - 2015-06-04 13:16 - 00004632 _____ C:\Windows\SysWOW64\Oduvxhow.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\SysWOW64\OduvxhowOff.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\system32\OduvxhowOff.ini
2015-06-13 13:19 - 2015-06-13 13:19 - 0000000 _____ () C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp
Task: {243309CA-74DE-42D4-B545-8D7938BF0CFF} - \PastaLeads No Task File <==== ATTENTION
Task: {F7666804-AA43-4288-AFB7-270B769456B5} - System32\Tasks\PaintTool SAI => C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp\prsetup.exe [2015-04-03] (SystemaxJP, Inc. ) <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
C:\Program Files (x86)\WaInternetEnhancer
C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found. 
C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh folder not found
McAWFwk => service removed successfully
WaInternetEnhancer Service => service removed successfully
C:\ProgramData\BefvaUno => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection => moved successfully.
C:\Windows\SysWOW64\Oduvxhow.ini => moved successfully.
C:\Windows\SysWOW64\OduvxhowOff.ini => moved successfully.
C:\Windows\system32\OduvxhowOff.ini => moved successfully.
C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{243309CA-74DE-42D4-B545-8D7938BF0CFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{243309CA-74DE-42D4-B545-8D7938BF0CFF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7666804-AA43-4288-AFB7-270B769456B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7666804-AA43-4288-AFB7-270B769456B5}" => key removed successfully
C:\Windows\System32\Tasks\PaintTool SAI => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PaintTool SAI" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\VOTPrx" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\VOTw8" => key removed successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
"C:\Program Files (x86)\WaInternetEnhancer" => File/Folder not found.
C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp => moved successfully.
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2602:306:cefc:eda0:8808:6a56:514f:66b2
   Temporary IPv6 Address. . . . . . : 2602:306:cefc:eda0:71d6:bdeb:c8e1:2e79
   Link-local IPv6 Address . . . . . : fe80::8808:6a56:514f:66b2%14
   Default Gateway . . . . . . . . . : fe80::9a2c:beff:fe9f:62d1%14
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : attlocal.net
   IPv6 Address. . . . . . . . . . . : 2602:306:cefc:eda0:8808:6a56:514f:66b2
   Temporary IPv6 Address. . . . . . : 2602:306:cefc:eda0:71d6:bdeb:c8e1:2e79
   Link-local IPv6 Address . . . . . : fe80::8808:6a56:514f:66b2%14
   IPv4 Address. . . . . . . . . . . : 192.168.1.78
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::9a2c:beff:fe9f:62d1%14
                                       192.168.1.254
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {05D79593-E48B-4DA8-AC2F-14BC2E70ED83}.
Unable to cancel {8B3C4562-5376-4E4B-9E2D-0FDEBEE89017}.
Unable to cancel {264C5095-C670-4561-86BB-B2FB63B3942B}.
Unable to cancel {D6DF3E51-F6FC-441C-BB0B-305EFE0E9187}.
Unable to cancel {A7CCAC6E-E1D0-49A8-9699-D9877D5207A1}.
0 out of 5 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 12:28:44 ====
 
 
 
 
 
AdwCleaner

 

 

 

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 12:39:01
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Casey Craymer - CASEYS-PC
# Running from : C:\Users\Casey Craymer\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.130
 
 
*************************
 
AdwCleaner[R0].txt - [19884 bytes] - [05/08/2015 17:50:07]
AdwCleaner[R1].txt - [2335 bytes] - [05/08/2015 17:58:44]
AdwCleaner[R2].txt - [4251 bytes] - [06/08/2015 06:00:04]
AdwCleaner[R3].txt - [1677 bytes] - [06/08/2015 06:10:47]
AdwCleaner[R4].txt - [1659 bytes] - [06/08/2015 06:14:44]
AdwCleaner[R5].txt - [1341 bytes] - [06/08/2015 12:37:16]
AdwCleaner[S0].txt - [18350 bytes] - [05/08/2015 17:52:25]
AdwCleaner[S1].txt - [1716 bytes] - [05/08/2015 18:00:09]
AdwCleaner[S2].txt - [3789 bytes] - [06/08/2015 06:01:37]
AdwCleaner[S3].txt - [1521 bytes] - [06/08/2015 06:12:57]
AdwCleaner[S4].txt - [1501 bytes] - [06/08/2015 06:15:55]
AdwCleaner[S5].txt - [1267 bytes] - [06/08/2015 12:39:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1326  bytes] ##########

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:

mbamlogs.JPG

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here
  • 0

#5
allforhimblog

allforhimblog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Malwarebytes scan was clean! The laptop appears to be running much better now.  The one thing that had me concerned was an installer program what would startup every time the system was rebooted and once the fixlist was ran that has since stopped.  Thanks sooooo much for your quick help with this, she'll be excited to have it back soon!!

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/6/2015
Scan Time: 2:47 PM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.06.06
Rootkit Database: v2015.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Casey Craymer
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338008
Time Elapsed: 23 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye that was running as a startup task, and is no more :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#7
allforhimblog

allforhimblog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

done and done!! I'll keep my hands on it for another day or so, but everything looks great.  Again, I can't begin to thank you for your time!!!


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP