cleaning daughters laptop..something is still there though [Solved]



#1
allforhimblog

My daughter downloaded something for Minecraft and it downloaded lots of malware. I think I've gotten it mostly cleaned up, but there's still something left, I believe. Attached are the FRST logs.

I've come here before and y'all were absolutely amazing, so for this, I'm grateful again!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Casey Craymer (administrator) on CASEYS-PC (06-08-2015 06:24:52)
Running from C:\Users\Casey Craymer\Downloads
Loaded Profiles: Casey Craymer (Available Profiles: Casey Craymer)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.h...HPtab&tp=iehome
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.h...HPtab&tp=iehome
SearchScopes: HKLM -> {4EF6F0A9-5F5C-4114-BBDC-F318FA308093} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {4EF6F0A9-5F5C-4114-BBDC-F318FA308093} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {4EF6F0A9-5F5C-4114-BBDC-F318FA308093} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.bing.com/...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D2ED3EC6-EB0D-4F05-804F-7B7D9A236D4F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DD3DD6C3-9D3C-48C7-9335-673FF8F160E1}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-05]
 
Chrome: 
=======
CHR Profile: C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-06]
CHR Extension: (Google Search) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-06]
CHR Extension: (Google Sheets) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Avast Online Security) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-06]
CHR Extension: (Google Wallet) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (AdZap 
 Block ads across the web) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-08-06]
CHR Extension: (Gmail) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-06 06:24 - 2015-08-06 06:25 - 00017660 _____ C:\Users\Casey Craymer\Downloads\FRST.txt
2015-08-06 06:24 - 2015-08-06 06:24 - 02169856 _____ (Farbar) C:\Users\Casey Craymer\Downloads\FRST64.exe
2015-08-06 06:24 - 2015-08-06 06:24 - 00000000 ____D C:\FRST
2015-08-06 06:10 - 2015-08-06 06:10 - 00001144 _____ C:\Users\Casey Craymer\Desktop\JRT.txt
2015-08-06 05:58 - 2015-08-06 05:58 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\GWX
2015-08-05 20:31 - 2015-06-27 23:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-05 20:31 - 2015-06-27 23:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-05 20:31 - 2015-06-27 23:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-05 20:31 - 2015-06-27 23:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-05 20:31 - 2015-06-27 10:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-05 20:31 - 2015-06-26 21:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-05 20:31 - 2015-06-26 21:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-05 20:31 - 2015-06-26 21:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-05 20:31 - 2015-06-26 20:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-08-05 20:31 - 2015-06-26 20:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-05 20:31 - 2015-06-26 20:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-05 20:31 - 2015-06-26 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-08-05 20:31 - 2015-06-26 19:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-05 20:31 - 2015-06-24 20:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-05 20:31 - 2015-06-15 16:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-05 20:31 - 2015-06-15 16:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-05 20:31 - 2015-06-15 15:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-05 20:31 - 2015-06-15 15:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-05 20:31 - 2015-06-15 14:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-05 20:31 - 2015-06-15 13:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-05 20:31 - 2015-05-07 11:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-05 20:31 - 2015-05-07 11:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-05 20:31 - 2015-05-07 10:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-05 20:31 - 2015-05-07 10:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-05 20:31 - 2015-05-07 09:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-08-05 20:31 - 2015-05-07 09:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-08-05 20:31 - 2015-05-02 18:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-08-05 20:31 - 2015-04-29 17:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-08-05 20:31 - 2015-04-24 20:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-08-05 20:31 - 2014-11-04 13:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-08-05 20:31 - 2014-11-04 13:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-08-05 20:31 - 2014-11-04 00:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-08-05 20:30 - 2015-07-09 13:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-05 20:30 - 2015-07-09 12:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-05 20:30 - 2015-07-09 10:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-05 20:30 - 2015-07-09 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-05 20:30 - 2015-07-09 09:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-05 20:30 - 2015-07-09 09:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-05 20:30 - 2015-07-09 09:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-05 20:30 - 2015-07-09 09:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-05 20:30 - 2015-07-09 09:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-05 20:30 - 2015-07-09 09:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-05 20:30 - 2015-07-09 09:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-05 20:30 - 2015-07-09 09:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-05 20:30 - 2015-07-09 09:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-05 20:30 - 2015-07-01 16:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-05 20:30 - 2015-07-01 15:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-05 20:30 - 2015-06-26 21:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-05 20:30 - 2015-06-26 21:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-05 20:30 - 2015-06-26 20:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-05 20:30 - 2015-05-30 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-08-05 20:30 - 2015-05-30 13:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-08-05 20:30 - 2015-05-30 13:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-08-05 20:30 - 2015-05-03 09:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 20:30 - 2015-05-03 08:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 20:30 - 2015-05-03 08:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-08-05 20:30 - 2015-05-03 08:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-08-05 20:29 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-05 20:29 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-05 20:29 - 2015-07-02 14:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-05 20:29 - 2015-07-02 14:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-05 20:29 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-05 20:29 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-05 20:29 - 2015-07-02 13:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-05 20:29 - 2015-07-02 12:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-05 20:28 - 2015-06-15 16:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-05 20:28 - 2015-06-15 16:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-05 20:28 - 2015-06-15 16:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-05 20:28 - 2015-06-15 16:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-05 20:28 - 2015-06-15 16:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-08-05 20:28 - 2015-06-15 15:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-05 20:28 - 2015-06-15 15:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-05 20:28 - 2015-06-15 15:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-05 20:28 - 2015-06-15 15:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-05 20:28 - 2015-06-15 15:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-05 20:28 - 2015-06-15 15:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-05 20:28 - 2015-06-15 15:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-05 20:28 - 2015-06-15 15:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-05 20:28 - 2015-06-15 15:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-05 20:28 - 2015-06-15 15:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-05 20:28 - 2015-06-15 15:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-05 20:28 - 2015-06-15 15:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-05 20:28 - 2015-06-15 15:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-05 20:28 - 2015-06-15 15:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-05 20:28 - 2015-06-15 14:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-05 20:28 - 2015-06-15 14:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-08-05 20:28 - 2015-06-15 14:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-05 20:28 - 2015-06-15 14:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-05 20:28 - 2015-06-15 14:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-08-05 20:28 - 2015-06-15 14:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-05 20:28 - 2015-06-15 14:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-05 20:28 - 2015-06-15 14:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-08-05 20:28 - 2015-06-15 14:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-05 20:28 - 2015-06-15 14:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-05 20:28 - 2015-06-15 14:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-05 20:28 - 2015-06-15 14:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-05 20:28 - 2015-06-15 14:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-05 20:28 - 2015-06-15 14:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-05 20:28 - 2015-06-10 21:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-05 20:28 - 2015-06-10 10:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-05 20:28 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-05 20:28 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-05 20:28 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-05 20:28 - 2015-05-22 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-05 20:28 - 2015-05-22 12:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-05 20:28 - 2015-05-12 07:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-08-05 20:28 - 2015-04-28 07:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-08-05 20:28 - 2015-04-28 07:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-08-05 20:26 - 2015-06-15 23:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-05 20:26 - 2015-06-15 23:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-05 20:26 - 2015-05-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-05 20:26 - 2015-05-25 07:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-05 20:26 - 2015-05-11 10:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-08-05 20:26 - 2015-05-03 09:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-08-05 20:26 - 2015-05-03 08:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-08-05 20:26 - 2015-05-01 17:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-05 20:25 - 2015-05-07 10:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-05 20:24 - 2015-07-25 07:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-05 20:24 - 2015-06-29 16:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-05 20:24 - 2015-06-29 09:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-05 20:24 - 2015-06-26 17:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-05 20:24 - 2015-06-26 17:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-05 20:24 - 2015-05-21 07:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-05 20:24 - 2015-04-23 09:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-08-05 20:24 - 2015-04-23 09:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-05 20:23 - 2015-07-14 08:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-05 20:09 - 2015-04-24 20:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-08-05 20:09 - 2015-04-24 20:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-08-05 20:09 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-08-05 20:09 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-08-05 20:09 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-08-05 20:09 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-08-05 20:09 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-08-05 20:09 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-08-05 20:09 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-08-05 20:09 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-08-05 20:09 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-08-05 20:09 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-08-05 20:09 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-08-05 20:08 - 2015-04-16 00:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-08-05 20:08 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-08-05 20:08 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-08-05 20:08 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-08-05 20:08 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-08-05 20:08 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-08-05 20:08 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-08-05 20:08 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-08-05 20:08 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-08-05 20:08 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-08-05 20:08 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-08-05 20:08 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-08-05 20:08 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-08-05 20:08 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-08-05 19:11 - 2015-08-05 19:11 - 04923920 _____ (McAfee, Inc.) C:\Users\Casey Craymer\Downloads\MCPR.exe
2015-08-05 19:02 - 2015-08-05 19:02 - 00000000 ____D C:\Users\Casey Craymer\AppData\Roaming\AVAST Software
2015-08-05 19:01 - 2015-08-05 19:01 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-05 19:01 - 2015-08-05 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 18:59 - 2015-08-05 18:59 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 18:59 - 2015-08-05 18:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-05 18:59 - 2015-08-05 18:58 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-05 18:59 - 2015-08-05 18:58 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-05 18:58 - 2015-08-05 18:58 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-05 18:57 - 2015-08-05 18:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-05 18:54 - 2015-08-05 18:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-05 18:52 - 2015-08-05 19:12 - 00000384 _____ C:\Windows\Tasks\HPCeeScheduleForCasey Craymer.job
2015-08-05 18:52 - 2015-08-05 18:52 - 00003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCasey Craymer
2015-08-05 18:50 - 2015-08-05 19:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 18:49 - 2015-08-05 18:49 - 05685584 _____ (AVAST Software) C:\Users\Casey Craymer\Downloads\avast_free_antivirus_setup_online.exe
2015-08-05 18:49 - 2015-08-05 18:49 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-05 18:49 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-05 18:49 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-05 18:49 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-05 18:48 - 2015-08-05 18:48 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Casey Craymer\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-05 18:47 - 2015-08-05 18:47 - 02248704 _____ C:\Users\Casey Craymer\Desktop\AdwCleaner.exe
2015-08-05 18:44 - 2015-08-05 19:46 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 18:44 - 2015-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 18:43 - 2015-08-06 06:19 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 18:43 - 2015-08-06 05:48 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 18:43 - 2015-08-05 18:44 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Google
2015-08-05 18:43 - 2015-08-05 18:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-05 18:43 - 2015-08-05 18:43 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-05 18:43 - 2015-08-05 18:43 - 00003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-05 18:42 - 2015-08-05 18:43 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Deployment
2015-08-05 18:42 - 2015-08-05 18:42 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Apps\2.0
2015-08-05 18:32 - 2015-08-05 18:32 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-08-05 18:24 - 2013-04-01 23:19 - 00574464 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-08-05 17:50 - 2015-08-06 06:15 - 00000000 ____D C:\AdwCleaner
2015-08-05 17:35 - 2015-08-05 18:30 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Casey Craymer\Desktop\JRT.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-06 06:26 - 2014-12-25 15:47 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7032B7AA-6923-4327-B1E4-E70FBBC92DFE}
2015-08-06 06:23 - 2014-12-25 15:12 - 00000000 ____D C:\Users\Casey Craymer\Documents\Youcam
2015-08-06 06:18 - 2013-08-22 08:46 - 00031409 _____ C:\Windows\setupact.log
2015-08-06 06:18 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 06:06 - 2014-12-25 15:10 - 01725398 _____ C:\Windows\WindowsUpdate.log
2015-08-06 06:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-06 04:34 - 2013-08-22 08:44 - 00354888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-06 04:32 - 2014-03-18 03:44 - 00071192 _____ C:\Windows\PFRO.log
2015-08-06 04:30 - 2015-04-22 17:16 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-06 04:30 - 2015-04-22 17:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 04:30 - 2014-12-30 22:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 04:30 - 2014-12-30 22:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\WinStore
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-06 04:19 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-06 04:02 - 2014-12-30 12:35 - 00000000 ____D C:\Windows\system32\MRT
2015-08-06 03:54 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-05 23:30 - 2015-06-04 13:15 - 00000000 ____D C:\ProgramData\BefvaUno
2015-08-05 22:37 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-08-05 22:10 - 2014-12-25 15:16 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372550845-1202683925-3875372593-1001
2015-08-05 19:46 - 2015-06-04 11:01 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2015-08-05 19:14 - 2013-08-22 09:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-05 19:05 - 2015-06-15 21:42 - 00000000 ____D C:\Windows\pss
2015-08-05 18:52 - 2015-06-01 16:29 - 00000000 ____D C:\Program Files\OBS
2015-08-05 18:52 - 2015-06-01 16:29 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-05 18:52 - 2014-12-25 15:10 - 00000000 ____D C:\Users\Casey Craymer
2015-08-05 18:48 - 2015-06-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-08-05 18:48 - 2015-06-01 16:18 - 00003114 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2372550845-1202683925-3875372593-1001
2015-08-05 18:48 - 2015-04-16 15:22 - 00000000 ___RD C:\Users\Casey Craymer\OneDrive
2015-08-05 18:46 - 2014-07-18 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-05 18:39 - 2015-06-04 13:16 - 00004632 _____ C:\Windows\SysWOW64\Oduvxhow.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\SysWOW64\OduvxhowOff.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\system32\OduvxhowOff.ini
2015-08-05 18:39 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-05 18:34 - 2014-08-14 15:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-08-05 18:24 - 2014-03-31 19:07 - 00000000 ____D C:\SWSetup
2015-08-05 17:27 - 2015-06-04 11:11 - 00000000 ____D C:\Users\Casey Craymer\AppData\Roaming\Open Download Manager
2015-08-05 17:27 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-04 17:10 - 2015-05-03 14:04 - 00000000 ____D C:\PaintToolSAI
2015-07-28 19:18 - 2015-05-29 19:18 - 00003208 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCASEYS-PC$
2015-07-28 19:18 - 2015-05-29 19:18 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForCASEYS-PC$.job
2015-07-26 23:16 - 2015-04-12 13:58 - 00000000 ____D C:\Users\Casey Craymer\.gimp-2.8
2015-07-13 15:10 - 2015-05-22 20:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 15:10 - 2015-05-22 20:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-06-13 13:19 - 2015-06-13 13:19 - 0000000 _____ () C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp
2015-06-08 23:18 - 2015-06-22 15:13 - 0000098 _____ () C:\Users\Casey Craymer\AppData\Roaming\WB.CFG
2015-05-20 23:49 - 2015-05-25 14:58 - 0006144 _____ () C:\Users\Casey Craymer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-22 20:29 - 2015-06-22 20:29 - 0003389 _____ () C:\Users\Casey Craymer\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\Casey Craymer\AppData\Local\Temp\DownPageDll.dll
C:\Users\Casey Craymer\AppData\Local\Temp\gb-installer-nsi.exe
C:\Users\Casey Craymer\AppData\Local\Temp\gb-update.exe
C:\Users\Casey Craymer\AppData\Local\Temp\nxp7yujv.dll
C:\Users\Casey Craymer\AppData\Local\Temp\Quarantine.exe
C:\Users\Casey Craymer\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Casey Craymer\AppData\Local\Temp\SpOrder.dll
C:\Users\Casey Craymer\AppData\Local\Temp\sqlite3.dll
C:\Users\Casey Craymer\AppData\Local\Temp\_is1705.exe
C:\Users\Casey Craymer\AppData\Local\Temp\_is6F46.exe
C:\Users\Casey Craymer\AppData\Local\Temp\_isD31F.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-06 03:52
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Casey Craymer (2015-08-06 06:26:56)
Running from C:\Users\Casey Craymer\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2372550845-1202683925-3875372593-500 - Administrator - Disabled)
Casey Craymer (S-1-5-21-2372550845-1202683925-3875372593-1001 - Administrator - Enabled) => C:\Users\Casey Craymer
Guest (S-1-5-21-2372550845-1202683925-3875372593-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.100 - Ezvid, inc.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Casey Craymer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
01-06-2015 16:08:27 Installed DirectX
05-08-2015 18:56:06 avast! antivirus system restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {243309CA-74DE-42D4-B545-8D7938BF0CFF} - \PastaLeads No Task File <==== ATTENTION
Task: {55AF833A-24CA-435F-8F53-137266434B61} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2372550845-1202683925-3875372593-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {70EC4B74-03B5-4C21-92C2-C7AF5369147A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {77046444-CE20-4C65-B8BE-EAAE0D98966D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {77081AA9-7DBE-4F12-BF54-8B1D05F98A3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7E6A0A41-4442-4C4F-A7F6-7801D7F3DDC9} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {848A1BE4-1017-433F-92E4-E0794018FB8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {8861313B-D366-4600-96E7-8A500ABA969A} - System32\Tasks\HPCeeScheduleForCASEYS-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8FBDF014-D105-4E95-940D-1697F3A37061} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-05] (AVAST Software)
Task: {8FD00FA0-25E0-4A09-BA92-3C57CF152895} - System32\Tasks\HPCeeScheduleForCasey Craymer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {90FEC829-55FA-4C4C-BABB-9C7DB1EEDA8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {99DF7F7E-4552-4926-8C29-2D25AE8F8639} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP HEALTH CHECK\ACTIVECHECK\PRODUCT_LINE\DETECTION_TOASTNOTIFY.EXE [2015-05-21] (Hewlett-Packard)
Task: {BDD68644-4562-4224-90F3-79F145D85E0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {D523CF7E-87FA-4908-8375-517F54DE1960} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {F7666804-AA43-4288-AFB7-270B769456B5} - System32\Tasks\PaintTool SAI => C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp\prsetup.exe [2015-04-03] (SystemaxJP, Inc.                                            ) <==== ATTENTION
Task: {FE6330E4-DA99-4E4C-A5F6-672973822F8E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCasey Craymer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCASEYS-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 14:31 - 2014-03-28 14:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-03 18:10 - 2015-02-26 16:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-03-28 14:36 - 2014-03-28 14:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-08-05 18:58 - 2015-08-05 18:58 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-05 18:58 - 2015-08-05 18:58 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-06 04:34 - 2015-08-06 04:34 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080601\algo.dll
2015-08-05 18:58 - 2015-08-05 18:58 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Casey Craymer\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey Craymer\Pictures\inobkblrbgjinte.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: caa89563 => 2
MSCONFIG\Services: cae99edb => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: csrcc => 2
MSCONFIG\Services: d54b8bbd-6b74-4d90-b801-8120aa8b2438 => 2
MSCONFIG\Services: NetHttpService => 2
MSCONFIG\Services: PastaLeadsUpdaterService => 2
MSCONFIG\Services: PCTechHotlineSvc => 2
MSCONFIG\Services: scsvc_1.10.0.16 => 2
MSCONFIG\Services: SC_Svc => 2
MSCONFIG\Services: shopperz Updater => 2
MSCONFIG\Services: Update Edu App => 2
MSCONFIG\Services: UpdateCheck => 2
MSCONFIG\Services: Util Edu App => 2
MSCONFIG\Services: VOTPrx => 2
MSCONFIG\Services: WaInternetEnhancer Service => 2
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "SpywareClearShield"
HKLM\...\StartupApproved\Run: => "SpywareClearUpdater"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKLM\...\StartupApproved\Run32: => "WinCheck"
HKLM\...\StartupApproved\Run32: => "gmsd_us_657"
HKLM\...\StartupApproved\Run32: => "PCAcceleratePro"
HKLM\...\StartupApproved\Run32: => "PCTechHotline"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "pricefountainw.exe"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "PastaLeadsApplication"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Only-search"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Open Download Manager"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Super Optimizer"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "UpdateAdmin"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BCBDDDE-36A0-469E-93A3-891E98FF4E3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4346F0E9-FA1A-4E54-A09D-5CA6AABA2634}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{561D27B8-CCD3-4987-8217-EA388574677F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6282F28E-3B4C-44A7-9581-5C1BAA1A9A1C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B36BF27-B1A7-4509-90C1-E7AAA8769611}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F602CFE-A6CE-4E23-A97D-8D0CF6570A53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{2F37B2F5-BFED-4A6E-953B-4B9D1D7D919E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3C4D2BA5-ABC6-4875-BB7F-268C46BCB5F0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{21E601CA-A1E3-430F-9097-BD279699E321}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A6845C23-8D37-4298-A6B9-8DB34CFA6C3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{24903623-7837-4485-AAE4-F14E21A66A36}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CD90F08F-9854-4D0A-A2F3-9B3E298B7DB8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A1C7DDA2-8C73-4361-89B7-2462C7162599}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9590EF66-ADC1-4B55-B0A8-6275A5E12711}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E249434F-7E47-422A-A867-7142A35591F4}] => (Allow) LPort=2869
FirewallRules: [{D1692D05-788A-485E-BE29-AADF32D6DC3F}] => (Allow) LPort=1900
FirewallRules: [{3765D69D-1D59-47C3-B7C3-D12551091DFD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{590BB88D-7C81-495C-B4C7-7CAD60245295}] => (Allow) C:\Users\Casey Craymer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3FE72CB0-DAC8-466A-827A-65CB74CEA532}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{38F18DF2-7858-469D-AB47-BD260BFF6767}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{A2BC99B1-BEA7-4AC7-809A-4C0A8C406AD4}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{91F9FCEE-595B-42D9-A01A-95913DA6ACD6}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{0C8DA51A-FF70-4DD5-9288-832F3D93DDB0}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{1EA903D5-D351-4D46-9DF0-DD21FF762B1F}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{CC28F205-0133-4A59-A95D-43BCBD4B47E5}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{43394BF4-A812-424F-89A8-6411A9AAB88E}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{2CCD6CFA-3B03-4746-A019-31164B2EEF4C}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{815A3C12-7DEE-4186-9BDE-0EE42F4199CD}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{7A7E693B-1552-47E0-AF67-D58E401F14AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/05/2015 07:08:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app 2703103D.McAfeeCentral_4ehj4w4frejdr!McAfeeCentral failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service rusukabgu since QueryServiceConfig API failed
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service nifwoufp since QueryServiceConfig API failed
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service LuocaPopcof since QueryServiceConfig API failed
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Qypausa113 service.
 
System Error:
Access is denied.
.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Gazmelp113 service.
 
System Error:
Access is denied.
.
 
Error: (06/22/2015 08:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2015 04:29:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2015 04:29:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2015 04:29:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10010) (User: Caseys-PC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (08/06/2015 06:17:13 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/06/2015 06:17:08 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office:
=========================
Error: (08/05/2015 07:08:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: 2703103D.McAfeeCentral_4ehj4w4frejdr!McAfeeCentral-2144927149
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service rusukabgu since QueryServiceConfig API failed
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service nifwoufp since QueryServiceConfig API failed
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service LuocaPopcof since QueryServiceConfig API failed
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Qypausa113 service.
 
System Error:
Access is denied.
 
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Gazmelp113 service.
 
System Error:
Access is denied.
 
Error: (06/22/2015 08:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
Error: (06/22/2015 04:29:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
Error: (06/22/2015 04:29:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
Error: (06/22/2015 04:29:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
 
 
CodeIntegrity:
===================================
  Date: 2015-06-07 16:45:54.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:43:46.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:30:09.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:29:24.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:29:10.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:28:49.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 16:28:12.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-04 16:42:39.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-04 16:42:37.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-04 16:42:36.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 41%
Total physical RAM: 3986.95 MB
Available physical RAM: 2314.88 MB
Total Virtual: 5202.95 MB
Available Virtual: 3424.87 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.62 GB) (Free:397.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get the young lass sorted out

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.h...HPtab&tp=iehome
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.h...HPtab&tp=iehome
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR Extension: (AdZap Block ads across the web) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-08-06]
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [X]
2015-08-05 23:30 - 2015-06-04 13:15 - 00000000 ____D C:\ProgramData\BefvaUno
2015-08-05 18:48 - 2015-06-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-08-05 18:46 - 2014-07-18 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-05 18:39 - 2015-06-04 13:16 - 00004632 _____ C:\Windows\SysWOW64\Oduvxhow.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\SysWOW64\OduvxhowOff.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\system32\OduvxhowOff.ini
2015-06-13 13:19 - 2015-06-13 13:19 - 0000000 _____ () C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp
Task: {243309CA-74DE-42D4-B545-8D7938BF0CFF} - \PastaLeads No Task File <==== ATTENTION
Task: {F7666804-AA43-4288-AFB7-270B769456B5} - System32\Tasks\PaintTool SAI => C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp\prsetup.exe [2015-04-03] (SystemaxJP, Inc. ) <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
C:\Program Files (x86)\WaInternetEnhancer
C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Set Avast to detect these bad boys

Open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
Place a tick in "Silent /Gaming mode"

#3
allforhimblog


    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Thanks sooo much for the quick response, attached are the two logs requested!!

 

 

fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Casey Craymer (2015-08-06 12:26:55) Run:1
Running from C:\Users\Casey Craymer\Desktop
Loaded Profiles: Casey Craymer (Available Profiles: Casey Craymer)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasear...IpsjnN9Dne175iJ
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.h...HPtab&tp=iehome
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.h...HPtab&tp=iehome
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.globasear...q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR Extension: (AdZap Block ads across the web) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-08-06]
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [X]
2015-08-05 23:30 - 2015-06-04 13:15 - 00000000 ____D C:\ProgramData\BefvaUno
2015-08-05 18:48 - 2015-06-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-08-05 18:46 - 2014-07-18 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-05 18:39 - 2015-06-04 13:16 - 00004632 _____ C:\Windows\SysWOW64\Oduvxhow.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\SysWOW64\OduvxhowOff.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\system32\OduvxhowOff.ini
2015-06-13 13:19 - 2015-06-13 13:19 - 0000000 _____ () C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp
Task: {243309CA-74DE-42D4-B545-8D7938BF0CFF} - \PastaLeads No Task File <==== ATTENTION
Task: {F7666804-AA43-4288-AFB7-270B769456B5} - System32\Tasks\PaintTool SAI => C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp\prsetup.exe [2015-04-03] (SystemaxJP, Inc. ) <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
C:\Program Files (x86)\WaInternetEnhancer
C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found. 
C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh folder not found
McAWFwk => service removed successfully
WaInternetEnhancer Service => service removed successfully
C:\ProgramData\BefvaUno => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection => moved successfully.
C:\Windows\SysWOW64\Oduvxhow.ini => moved successfully.
C:\Windows\SysWOW64\OduvxhowOff.ini => moved successfully.
C:\Windows\system32\OduvxhowOff.ini => moved successfully.
C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{243309CA-74DE-42D4-B545-8D7938BF0CFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{243309CA-74DE-42D4-B545-8D7938BF0CFF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7666804-AA43-4288-AFB7-270B769456B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7666804-AA43-4288-AFB7-270B769456B5}" => key removed successfully
C:\Windows\System32\Tasks\PaintTool SAI => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PaintTool SAI" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\VOTPrx" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\VOTw8" => key removed successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
"C:\Program Files (x86)\WaInternetEnhancer" => File/Folder not found.
C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp => moved successfully.
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2602:306:cefc:eda0:8808:6a56:514f:66b2
   Temporary IPv6 Address. . . . . . : 2602:306:cefc:eda0:71d6:bdeb:c8e1:2e79
   Link-local IPv6 Address . . . . . : fe80::8808:6a56:514f:66b2%14
   Default Gateway . . . . . . . . . : fe80::9a2c:beff:fe9f:62d1%14
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : attlocal.net
   IPv6 Address. . . . . . . . . . . : 2602:306:cefc:eda0:8808:6a56:514f:66b2
   Temporary IPv6 Address. . . . . . : 2602:306:cefc:eda0:71d6:bdeb:c8e1:2e79
   Link-local IPv6 Address . . . . . : fe80::8808:6a56:514f:66b2%14
   IPv4 Address. . . . . . . . . . . : 192.168.1.78
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::9a2c:beff:fe9f:62d1%14
                                       192.168.1.254
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {05D79593-E48B-4DA8-AC2F-14BC2E70ED83}.
Unable to cancel {8B3C4562-5376-4E4B-9E2D-0FDEBEE89017}.
Unable to cancel {264C5095-C670-4561-86BB-B2FB63B3942B}.
Unable to cancel {D6DF3E51-F6FC-441C-BB0B-305EFE0E9187}.
Unable to cancel {A7CCAC6E-E1D0-49A8-9699-D9877D5207A1}.
0 out of 5 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 12:28:44 ====
 
 
 
 
 
AdwCleaner

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 12:39:01
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Casey Craymer - CASEYS-PC
# Running from : C:\Users\Casey Craymer\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.130
 
 
*************************
 
AdwCleaner[R0].txt - [19884 bytes] - [05/08/2015 17:50:07]
AdwCleaner[R1].txt - [2335 bytes] - [05/08/2015 17:58:44]
AdwCleaner[R2].txt - [4251 bytes] - [06/08/2015 06:00:04]
AdwCleaner[R3].txt - [1677 bytes] - [06/08/2015 06:10:47]
AdwCleaner[R4].txt - [1659 bytes] - [06/08/2015 06:14:44]
AdwCleaner[R5].txt - [1341 bytes] - [06/08/2015 12:37:16]
AdwCleaner[S0].txt - [18350 bytes] - [05/08/2015 17:52:25]
AdwCleaner[S1].txt - [1716 bytes] - [05/08/2015 18:00:09]
AdwCleaner[S2].txt - [3789 bytes] - [06/08/2015 06:01:37]
AdwCleaner[S3].txt - [1521 bytes] - [06/08/2015 06:12:57]
AdwCleaner[S4].txt - [1501 bytes] - [06/08/2015 06:15:55]
AdwCleaner[S5].txt - [1267 bytes] - [06/08/2015 12:39:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1326  bytes] ##########


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#5
allforhimblog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Malwarebytes scan was clean! The laptop appears to be running much better now.  The one thing that had me concerned was an installer program that would start up every time the system was rebooted, and once the fixlist was run that has since stopped.  Thanks sooooo much for your quick help with this, she'll be excited to have it back soon!!

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/6/2015
Scan Time: 2:47 PM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.06.06
Rootkit Database: v2015.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Casey Craymer
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338008
Time Elapsed: 23 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye that was running as a startup task, and is no more :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right-click on the Unchecky_setup and choose to Run as Administrator.
Once open, click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#7
allforhimblog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

done and done!! I'll keep my hands on it for another day or so, but everything looks great.  Again, I can't begin to thank you for your time!!!



#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

