My daughter downloaded something for Minecraft and it downloaded lots of malware. I think I've gotten it mostly cleaned up but there still something left I believe. Attached are the frst logs
I've come here before and y'all were absolutely amazing, so for this, I'm grateful again!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Casey Craymer (administrator) on CASEYS-PC (06-08-2015 06:24:52)
Running from C:\Users\Casey Craymer\Downloads
Loaded Profiles: Casey Craymer (Available Profiles: Casey Craymer)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/HPNOT14/1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D2ED3EC6-EB0D-4F05-804F-7B7D9A236D4F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DD3DD6C3-9D3C-48C7-9335-673FF8F160E1}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-05]
Chrome:
=======
CHR Profile: C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-06]
CHR Extension: (Google Search) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-06]
CHR Extension: (Google Sheets) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Avast Online Security) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-06]
CHR Extension: (Google Wallet) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (AdZap
Block ads across the web) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-08-06]
CHR Extension: (Gmail) - C:\Users\Casey Craymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-06 06:24 - 2015-08-06 06:25 - 00017660 _____ C:\Users\Casey Craymer\Downloads\FRST.txt
2015-08-06 06:24 - 2015-08-06 06:24 - 02169856 _____ (Farbar) C:\Users\Casey Craymer\Downloads\FRST64.exe
2015-08-06 06:24 - 2015-08-06 06:24 - 00000000 ____D C:\FRST
2015-08-06 06:10 - 2015-08-06 06:10 - 00001144 _____ C:\Users\Casey Craymer\Desktop\JRT.txt
2015-08-06 05:58 - 2015-08-06 05:58 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\GWX
2015-08-05 20:31 - 2015-06-27 23:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-05 20:31 - 2015-06-27 23:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-05 20:31 - 2015-06-27 23:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-05 20:31 - 2015-06-27 23:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-05 20:31 - 2015-06-27 10:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-05 20:31 - 2015-06-26 21:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-05 20:31 - 2015-06-26 21:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-05 20:31 - 2015-06-26 21:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-05 20:31 - 2015-06-26 20:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-08-05 20:31 - 2015-06-26 20:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-05 20:31 - 2015-06-26 20:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-05 20:31 - 2015-06-26 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-08-05 20:31 - 2015-06-26 19:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-05 20:31 - 2015-06-24 20:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-05 20:31 - 2015-06-15 16:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-05 20:31 - 2015-06-15 16:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-05 20:31 - 2015-06-15 15:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-05 20:31 - 2015-06-15 15:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-05 20:31 - 2015-06-15 14:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-05 20:31 - 2015-06-15 13:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-05 20:31 - 2015-05-07 11:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-05 20:31 - 2015-05-07 11:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-05 20:31 - 2015-05-07 10:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-05 20:31 - 2015-05-07 10:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-05 20:31 - 2015-05-07 09:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-08-05 20:31 - 2015-05-07 09:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-08-05 20:31 - 2015-05-02 18:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-08-05 20:31 - 2015-04-29 17:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-08-05 20:31 - 2015-04-24 20:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-08-05 20:31 - 2014-11-04 13:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-08-05 20:31 - 2014-11-04 13:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-08-05 20:31 - 2014-11-04 00:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-08-05 20:31 - 2014-11-04 00:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-08-05 20:30 - 2015-07-09 13:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-05 20:30 - 2015-07-09 12:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-05 20:30 - 2015-07-09 10:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-05 20:30 - 2015-07-09 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-05 20:30 - 2015-07-09 09:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-05 20:30 - 2015-07-09 09:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-05 20:30 - 2015-07-09 09:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-05 20:30 - 2015-07-09 09:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-05 20:30 - 2015-07-09 09:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-05 20:30 - 2015-07-09 09:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-05 20:30 - 2015-07-09 09:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-05 20:30 - 2015-07-09 09:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-05 20:30 - 2015-07-09 09:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-05 20:30 - 2015-07-01 16:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-05 20:30 - 2015-07-01 15:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-05 20:30 - 2015-06-26 21:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-05 20:30 - 2015-06-26 21:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-05 20:30 - 2015-06-26 20:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-05 20:30 - 2015-05-30 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-08-05 20:30 - 2015-05-30 13:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-08-05 20:30 - 2015-05-30 13:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-08-05 20:30 - 2015-05-03 09:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 20:30 - 2015-05-03 08:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 20:30 - 2015-05-03 08:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-08-05 20:30 - 2015-05-03 08:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-08-05 20:29 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-05 20:29 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-05 20:29 - 2015-07-02 14:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-05 20:29 - 2015-07-02 14:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-05 20:29 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-05 20:29 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-05 20:29 - 2015-07-02 13:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-05 20:29 - 2015-07-02 12:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-05 20:28 - 2015-06-15 16:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-05 20:28 - 2015-06-15 16:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-05 20:28 - 2015-06-15 16:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-05 20:28 - 2015-06-15 16:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-05 20:28 - 2015-06-15 16:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-08-05 20:28 - 2015-06-15 15:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-05 20:28 - 2015-06-15 15:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-05 20:28 - 2015-06-15 15:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-05 20:28 - 2015-06-15 15:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-05 20:28 - 2015-06-15 15:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-05 20:28 - 2015-06-15 15:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-05 20:28 - 2015-06-15 15:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-05 20:28 - 2015-06-15 15:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-05 20:28 - 2015-06-15 15:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-05 20:28 - 2015-06-15 15:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-05 20:28 - 2015-06-15 15:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-05 20:28 - 2015-06-15 15:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-05 20:28 - 2015-06-15 15:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-05 20:28 - 2015-06-15 15:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-05 20:28 - 2015-06-15 14:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-05 20:28 - 2015-06-15 14:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-08-05 20:28 - 2015-06-15 14:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-05 20:28 - 2015-06-15 14:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-05 20:28 - 2015-06-15 14:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-08-05 20:28 - 2015-06-15 14:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-05 20:28 - 2015-06-15 14:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-05 20:28 - 2015-06-15 14:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-08-05 20:28 - 2015-06-15 14:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-05 20:28 - 2015-06-15 14:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-05 20:28 - 2015-06-15 14:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-05 20:28 - 2015-06-15 14:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-05 20:28 - 2015-06-15 14:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-05 20:28 - 2015-06-15 14:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-05 20:28 - 2015-06-10 21:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-05 20:28 - 2015-06-10 10:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-05 20:28 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-05 20:28 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-05 20:28 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-05 20:28 - 2015-05-22 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-05 20:28 - 2015-05-22 12:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-05 20:28 - 2015-05-12 07:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-08-05 20:28 - 2015-04-28 07:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-08-05 20:28 - 2015-04-28 07:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-08-05 20:26 - 2015-06-15 23:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-05 20:26 - 2015-06-15 23:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-05 20:26 - 2015-05-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-05 20:26 - 2015-05-25 07:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-05 20:26 - 2015-05-11 10:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-08-05 20:26 - 2015-05-03 09:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-08-05 20:26 - 2015-05-03 08:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-08-05 20:26 - 2015-05-01 17:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-05 20:25 - 2015-05-07 10:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-05 20:24 - 2015-07-25 07:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-05 20:24 - 2015-06-29 16:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-05 20:24 - 2015-06-29 09:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-05 20:24 - 2015-06-29 09:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-05 20:24 - 2015-06-26 17:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-05 20:24 - 2015-06-26 17:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-05 20:24 - 2015-05-21 07:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-05 20:24 - 2015-04-23 09:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-08-05 20:24 - 2015-04-23 09:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-05 20:23 - 2015-07-14 08:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-05 20:23 - 2015-07-14 08:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-05 20:09 - 2015-04-24 20:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-08-05 20:09 - 2015-04-24 20:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-08-05 20:09 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-08-05 20:09 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-08-05 20:09 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-08-05 20:09 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-08-05 20:09 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-08-05 20:09 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-08-05 20:09 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-08-05 20:09 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-08-05 20:09 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-08-05 20:09 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-08-05 20:09 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-08-05 20:08 - 2015-04-16 00:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-08-05 20:08 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-08-05 20:08 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-08-05 20:08 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-08-05 20:08 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-08-05 20:08 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-08-05 20:08 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-08-05 20:08 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-08-05 20:08 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-08-05 20:08 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-08-05 20:08 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-08-05 20:08 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-08-05 20:08 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-08-05 20:08 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-08-05 19:11 - 2015-08-05 19:11 - 04923920 _____ (McAfee, Inc.) C:\Users\Casey Craymer\Downloads\MCPR.exe
2015-08-05 19:02 - 2015-08-05 19:02 - 00000000 ____D C:\Users\Casey Craymer\AppData\Roaming\AVAST Software
2015-08-05 19:01 - 2015-08-05 19:01 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-05 19:01 - 2015-08-05 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 18:59 - 2015-08-05 18:59 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 18:59 - 2015-08-05 18:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-05 18:59 - 2015-08-05 18:59 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-05 18:59 - 2015-08-05 18:58 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-05 18:59 - 2015-08-05 18:58 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-05 18:58 - 2015-08-05 18:58 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-05 18:57 - 2015-08-05 18:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-05 18:54 - 2015-08-05 18:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-05 18:52 - 2015-08-05 19:12 - 00000384 _____ C:\Windows\Tasks\HPCeeScheduleForCasey Craymer.job
2015-08-05 18:52 - 2015-08-05 18:52 - 00003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCasey Craymer
2015-08-05 18:50 - 2015-08-05 19:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 18:49 - 2015-08-05 18:49 - 05685584 _____ (AVAST Software) C:\Users\Casey Craymer\Downloads\avast_free_antivirus_setup_online.exe
2015-08-05 18:49 - 2015-08-05 18:49 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-05 18:49 - 2015-08-05 18:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-05 18:49 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-05 18:49 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-05 18:49 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-05 18:48 - 2015-08-05 18:48 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Casey Craymer\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-05 18:47 - 2015-08-05 18:47 - 02248704 _____ C:\Users\Casey Craymer\Desktop\AdwCleaner.exe
2015-08-05 18:44 - 2015-08-05 19:46 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 18:44 - 2015-08-05 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 18:43 - 2015-08-06 06:19 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 18:43 - 2015-08-06 05:48 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 18:43 - 2015-08-05 18:44 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Google
2015-08-05 18:43 - 2015-08-05 18:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-05 18:43 - 2015-08-05 18:43 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-05 18:43 - 2015-08-05 18:43 - 00003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-05 18:42 - 2015-08-05 18:43 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Deployment
2015-08-05 18:42 - 2015-08-05 18:42 - 00000000 ____D C:\Users\Casey Craymer\AppData\Local\Apps\2.0
2015-08-05 18:32 - 2015-08-05 18:32 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-08-05 18:24 - 2013-04-01 23:19 - 00574464 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-08-05 17:50 - 2015-08-06 06:15 - 00000000 ____D C:\AdwCleaner
2015-08-05 17:35 - 2015-08-05 18:30 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Casey Craymer\Desktop\JRT.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-06 06:26 - 2014-12-25 15:47 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7032B7AA-6923-4327-B1E4-E70FBBC92DFE}
2015-08-06 06:23 - 2014-12-25 15:12 - 00000000 ____D C:\Users\Casey Craymer\Documents\Youcam
2015-08-06 06:18 - 2013-08-22 08:46 - 00031409 _____ C:\Windows\setupact.log
2015-08-06 06:18 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 06:06 - 2014-12-25 15:10 - 01725398 _____ C:\Windows\WindowsUpdate.log
2015-08-06 06:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-06 04:34 - 2013-08-22 08:44 - 00354888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-06 04:32 - 2014-03-18 03:44 - 00071192 _____ C:\Windows\PFRO.log
2015-08-06 04:30 - 2015-04-22 17:16 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-06 04:30 - 2015-04-22 17:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 04:30 - 2014-12-30 22:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 04:30 - 2014-12-30 22:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\WinStore
2015-08-06 04:30 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-06 04:19 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-06 04:02 - 2014-12-30 12:35 - 00000000 ____D C:\Windows\system32\MRT
2015-08-06 03:54 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-05 23:30 - 2015-06-04 13:15 - 00000000 ____D C:\ProgramData\BefvaUno
2015-08-05 22:37 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-08-05 22:10 - 2014-12-25 15:16 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372550845-1202683925-3875372593-1001
2015-08-05 19:46 - 2015-06-04 11:01 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2015-08-05 19:14 - 2013-08-22 09:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-05 19:05 - 2015-06-15 21:42 - 00000000 ____D C:\Windows\pss
2015-08-05 18:52 - 2015-06-01 16:29 - 00000000 ____D C:\Program Files\OBS
2015-08-05 18:52 - 2015-06-01 16:29 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-05 18:52 - 2014-12-25 15:10 - 00000000 ____D C:\Users\Casey Craymer
2015-08-05 18:48 - 2015-06-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro
2015-08-05 18:48 - 2015-06-01 16:18 - 00003114 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2372550845-1202683925-3875372593-1001
2015-08-05 18:48 - 2015-04-16 15:22 - 00000000 ___RD C:\Users\Casey Craymer\OneDrive
2015-08-05 18:46 - 2014-07-18 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-05 18:39 - 2015-06-04 13:16 - 00004632 _____ C:\Windows\SysWOW64\Oduvxhow.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\SysWOW64\OduvxhowOff.ini
2015-08-05 18:39 - 2015-06-04 13:16 - 00002536 _____ C:\Windows\system32\OduvxhowOff.ini
2015-08-05 18:39 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-05 18:34 - 2014-08-14 15:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-08-05 18:24 - 2014-03-31 19:07 - 00000000 ____D C:\SWSetup
2015-08-05 17:27 - 2015-06-04 11:11 - 00000000 ____D C:\Users\Casey Craymer\AppData\Roaming\Open Download Manager
2015-08-05 17:27 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-04 17:10 - 2015-05-03 14:04 - 00000000 ____D C:\PaintToolSAI
2015-07-28 19:18 - 2015-05-29 19:18 - 00003208 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCASEYS-PC$
2015-07-28 19:18 - 2015-05-29 19:18 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForCASEYS-PC$.job
2015-07-26 23:16 - 2015-04-12 13:58 - 00000000 ____D C:\Users\Casey Craymer\.gimp-2.8
2015-07-13 15:10 - 2015-05-22 20:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 15:10 - 2015-05-22 20:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-06-13 13:19 - 2015-06-13 13:19 - 0000000 _____ () C:\Program Files (x86)\f7b7c2cc-d9a9-4256-98b0-770637f7f143.tmp
2015-06-08 23:18 - 2015-06-22 15:13 - 0000098 _____ () C:\Users\Casey Craymer\AppData\Roaming\WB.CFG
2015-05-20 23:49 - 2015-05-25 14:58 - 0006144 _____ () C:\Users\Casey Craymer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-22 20:29 - 2015-06-22 20:29 - 0003389 _____ () C:\Users\Casey Craymer\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Casey Craymer\AppData\Local\Temp\DownPageDll.dll
C:\Users\Casey Craymer\AppData\Local\Temp\gb-installer-nsi.exe
C:\Users\Casey Craymer\AppData\Local\Temp\gb-update.exe
C:\Users\Casey Craymer\AppData\Local\Temp\nxp7yujv.dll
C:\Users\Casey Craymer\AppData\Local\Temp\Quarantine.exe
C:\Users\Casey Craymer\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Casey Craymer\AppData\Local\Temp\SpOrder.dll
C:\Users\Casey Craymer\AppData\Local\Temp\sqlite3.dll
C:\Users\Casey Craymer\AppData\Local\Temp\_is1705.exe
C:\Users\Casey Craymer\AppData\Local\Temp\_is6F46.exe
C:\Users\Casey Craymer\AppData\Local\Temp\_isD31F.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-06 03:52
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Casey Craymer (2015-08-06 06:26:56)
Running from C:\Users\Casey Craymer\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2372550845-1202683925-3875372593-500 - Administrator - Disabled)
Casey Craymer (S-1-5-21-2372550845-1202683925-3875372593-1001 - Administrator - Enabled) => C:\Users\Casey Craymer
Guest (S-1-5-21-2372550845-1202683925-3875372593-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.100 - Ezvid, inc.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version: - )
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2372550845-1202683925-3875372593-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Casey Craymer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
01-06-2015 16:08:27 Installed DirectX
05-08-2015 18:56:06 avast! antivirus system restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {243309CA-74DE-42D4-B545-8D7938BF0CFF} - \PastaLeads No Task File <==== ATTENTION
Task: {55AF833A-24CA-435F-8F53-137266434B61} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2372550845-1202683925-3875372593-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {70EC4B74-03B5-4C21-92C2-C7AF5369147A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {77046444-CE20-4C65-B8BE-EAAE0D98966D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {77081AA9-7DBE-4F12-BF54-8B1D05F98A3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7E6A0A41-4442-4C4F-A7F6-7801D7F3DDC9} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {848A1BE4-1017-433F-92E4-E0794018FB8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {8861313B-D366-4600-96E7-8A500ABA969A} - System32\Tasks\HPCeeScheduleForCASEYS-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8FBDF014-D105-4E95-940D-1697F3A37061} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-05] (AVAST Software)
Task: {8FD00FA0-25E0-4A09-BA92-3C57CF152895} - System32\Tasks\HPCeeScheduleForCasey Craymer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {90FEC829-55FA-4C4C-BABB-9C7DB1EEDA8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {99DF7F7E-4552-4926-8C29-2D25AE8F8639} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP HEALTH CHECK\ACTIVECHECK\PRODUCT_LINE\DETECTION_TOASTNOTIFY.EXE [2015-05-21] (Hewlett-Packard)
Task: {BDD68644-4562-4224-90F3-79F145D85E0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {D523CF7E-87FA-4908-8375-517F54DE1960} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {F7666804-AA43-4288-AFB7-270B769456B5} - System32\Tasks\PaintTool SAI => C:\Users\Casey Craymer\AppData\Local\Temp\is-MVE2O.tmp\prsetup.exe [2015-04-03] (SystemaxJP, Inc. ) <==== ATTENTION
Task: {FE6330E4-DA99-4E4C-A5F6-672973822F8E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCasey Craymer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCASEYS-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2014-03-28 14:31 - 2014-03-28 14:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-03 18:10 - 2015-02-26 16:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-03-28 14:36 - 2014-03-28 14:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-08-05 18:58 - 2015-08-05 18:58 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-05 18:58 - 2015-08-05 18:58 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-06 04:34 - 2015-08-06 04:34 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080601\algo.dll
2015-08-05 18:58 - 2015-08-05 18:58 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-05 18:44 - 2015-07-31 00:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Casey Craymer\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gazmelp113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oduvxhow => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Qypausa113.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey Craymer\Pictures\inobkblrbgjinte.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: caa89563 => 2
MSCONFIG\Services: cae99edb => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: csrcc => 2
MSCONFIG\Services: d54b8bbd-6b74-4d90-b801-8120aa8b2438 => 2
MSCONFIG\Services: NetHttpService => 2
MSCONFIG\Services: PastaLeadsUpdaterService => 2
MSCONFIG\Services: PCTechHotlineSvc => 2
MSCONFIG\Services: scsvc_1.10.0.16 => 2
MSCONFIG\Services: SC_Svc => 2
MSCONFIG\Services: shopperz Updater => 2
MSCONFIG\Services: Update Edu App => 2
MSCONFIG\Services: UpdateCheck => 2
MSCONFIG\Services: Util Edu App => 2
MSCONFIG\Services: VOTPrx => 2
MSCONFIG\Services: WaInternetEnhancer Service => 2
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "SpywareClearShield"
HKLM\...\StartupApproved\Run: => "SpywareClearUpdater"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKLM\...\StartupApproved\Run32: => "WinCheck"
HKLM\...\StartupApproved\Run32: => "gmsd_us_657"
HKLM\...\StartupApproved\Run32: => "PCAcceleratePro"
HKLM\...\StartupApproved\Run32: => "PCTechHotline"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "pricefountainw.exe"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "PastaLeadsApplication"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Only-search"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Open Download Manager"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "Super Optimizer"
HKU\S-1-5-21-2372550845-1202683925-3875372593-1001\...\StartupApproved\Run: => "UpdateAdmin"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BCBDDDE-36A0-469E-93A3-891E98FF4E3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4346F0E9-FA1A-4E54-A09D-5CA6AABA2634}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{561D27B8-CCD3-4987-8217-EA388574677F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6282F28E-3B4C-44A7-9581-5C1BAA1A9A1C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B36BF27-B1A7-4509-90C1-E7AAA8769611}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F602CFE-A6CE-4E23-A97D-8D0CF6570A53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{2F37B2F5-BFED-4A6E-953B-4B9D1D7D919E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3C4D2BA5-ABC6-4875-BB7F-268C46BCB5F0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{21E601CA-A1E3-430F-9097-BD279699E321}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A6845C23-8D37-4298-A6B9-8DB34CFA6C3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{24903623-7837-4485-AAE4-F14E21A66A36}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CD90F08F-9854-4D0A-A2F3-9B3E298B7DB8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A1C7DDA2-8C73-4361-89B7-2462C7162599}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9590EF66-ADC1-4B55-B0A8-6275A5E12711}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E249434F-7E47-422A-A867-7142A35591F4}] => (Allow) LPort=2869
FirewallRules: [{D1692D05-788A-485E-BE29-AADF32D6DC3F}] => (Allow) LPort=1900
FirewallRules: [{3765D69D-1D59-47C3-B7C3-D12551091DFD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{590BB88D-7C81-495C-B4C7-7CAD60245295}] => (Allow) C:\Users\Casey Craymer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3FE72CB0-DAC8-466A-827A-65CB74CEA532}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{38F18DF2-7858-469D-AB47-BD260BFF6767}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{A2BC99B1-BEA7-4AC7-809A-4C0A8C406AD4}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{91F9FCEE-595B-42D9-A01A-95913DA6ACD6}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
FirewallRules: [{0C8DA51A-FF70-4DD5-9288-832F3D93DDB0}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{1EA903D5-D351-4D46-9DF0-DD21FF762B1F}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{CC28F205-0133-4A59-A95D-43BCBD4B47E5}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{43394BF4-A812-424F-89A8-6411A9AAB88E}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{2CCD6CFA-3B03-4746-A019-31164B2EEF4C}] => (Allow) C:\ProgramData\BefvaUno\tiieasoc.EXE
FirewallRules: [{815A3C12-7DEE-4186-9BDE-0EE42F4199CD}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{7A7E693B-1552-47E0-AF67-D58E401F14AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/05/2015 07:08:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app 2703103D.McAfeeCentral_4ehj4w4frejdr!McAfeeCentral failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service rusukabgu since QueryServiceConfig API failed
System Error:
Access is denied.
.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service nifwoufp since QueryServiceConfig API failed
System Error:
Access is denied.
.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service LuocaPopcof since QueryServiceConfig API failed
System Error:
Access is denied.
.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Qypausa113 service.
System Error:
Access is denied.
.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Gazmelp113 service.
System Error:
Access is denied.
.
Error: (06/22/2015 08:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/22/2015 04:29:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/22/2015 04:29:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/22/2015 04:29:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: Activation of app AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/06/2015 06:17:37 AM) (Source: DCOM) (EventID: 10010) (User: Caseys-PC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (08/06/2015 06:17:13 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/06/2015 06:17:08 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (08/06/2015 06:17:04 AM) (Source: DCOM) (EventID: 10005) (User: Caseys-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Microsoft Office:
=========================
Error: (08/05/2015 07:08:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: 2703103D.McAfeeCentral_4ehj4w4frejdr!McAfeeCentral-2144927149
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service rusukabgu since QueryServiceConfig API failed
System Error:
Access is denied.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service nifwoufp since QueryServiceConfig API failed
System Error:
Access is denied.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service LuocaPopcof since QueryServiceConfig API failed
System Error:
Access is denied.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Qypausa113 service.
System Error:
Access is denied.
Error: (08/05/2015 06:56:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Gazmelp113 service.
System Error:
Access is denied.
Error: (06/22/2015 08:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
Error: (06/22/2015 04:29:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
Error: (06/22/2015 04:29:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
Error: (06/22/2015 04:29:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Caseys-PC)
Description: AD2F1837.HPConnectedMusic_v10z8vjag6ke6!App-2147023170
CodeIntegrity:
===================================
Date: 2015-06-07 16:45:54.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 16:43:46.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 16:30:09.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 16:29:24.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 16:29:10.048
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 16:28:49.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 16:28:12.253
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-04 16:42:39.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-04 16:42:37.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-04 16:42:36.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 41%
Total physical RAM: 3986.95 MB
Available physical RAM: 2314.88 MB
Total Virtual: 5202.95 MB
Available Virtual: 3424.87 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:444.62 GB) (Free:397.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)
Partition: GPT Partition Type.
==================== End of log ============================