Unsure of specifics just see suspicious exe and file names


20 replies to this topic

#1 bpruitt

Posted 01 August 2015 - 05:33 AM

Possible issues, but I am unsure, as I have never really looked deeply into files or systems until now. I just know the computer has had a BSOD, which I already addressed in that forum. So now I am here to resolve possible suspicious issues that won't resolve for me or may be unknown to me.

Please note: multiple users until today. Hands off till possible issues are resolved. Therefore, I have no idea if a user has tried to perform "self help" fix-its, as we all have complained of odd issues; then the BSOD happened and issues still pop up occasionally. So I apologize if a "wanna-be" computer tech in the household has already used tools from here for the self help.

In the forum for BSOD it was advised to uninstall Malwarebytes until further discussion here, as it may not be cooperating with AVG (both Malwarebytes and AVG 2015 are paid subscriptions).

******These may not be issues, I would not know. I don't understand the listed programs either, but they may be normal******

AVG has said it has found and blocked (perhaps it is still an issue) a possible "Linux/exploid.mempodroid virus" and a possible Wondershare or MobileGo Trojan.

Windows updates: some go to a "D" drive, most to the "C" drive (is that normal???? Where is a "D" drive?).

Some issues with Epson Connect drivers or something (I own an Epson printer in the 300 series but do not recognize some programs and don't know why they are there, from Seiko Epson Corp.)

Bonjour

Cisco Systems (3 programs)

SRS Labs, Inc. for control panel

Origin

14 different programs/installs for Toshiba (ummmmm....that seems steep)

Reimage downloader repair exe

reisystem.exe

Bonjour

Binkiland

gwx.exe

System32 dashost exe

compattel query app block

Enigma Software will not completely uninstall

Possible issues with improper uninstall of: Hitman Pro, CCleaner, old AVG, Spybot Search and Destroy

There may be other problems too. I have unfamiliar things with my network/internet. But I thought I would start here.

Thank you in advance for helping, it is much appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by bpruitt (administrator) on SIMON (01-08-2015 01:32:28)
Running from C:\Users\bpruitt\Desktop
Loaded Profiles: bpruitt (Available Profiles: bpruitt)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIICE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [286720 2007-12-11] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIICE.EXE [283232 2014-12-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIICE.EXE [283232 2014-12-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> {1751A90B-D5EB-452E-8BCD-16EA42121A37} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-281263272-3773558374-1387912350-1001 -> {1751A90B-D5EB-452E-8BCD-16EA42121A37} URL =
SearchScopes: HKU\S-1-5-21-281263272-3773558374-1387912350-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{7CFFB48C-0525-49E5-8F3D-D415B95AA45B}: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{C2EA7BBB-90D7-4CF5-8631-25B5086A8D1F}: [DhcpNameServer] 192.168.0.1 205.171.2.26

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-03]
CHR Extension: (Google Drive) - C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (YouTube) - C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-03]
CHR Extension: (Google Search) - C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-03]
CHR Extension: (Google Wallet) - C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]
CHR Extension: (Gmail) - C:\Users\bpruitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-03]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1528432 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2970424 2015-06-29] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [295400 2015-06-15] (AVG Technologies CZ, s.r.o.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation                           )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 01:32 - 2015-08-01 01:32 - 00014530 _____ C:\Users\bpruitt\Desktop\FRST.txt
2015-08-01 01:32 - 2015-08-01 01:32 - 00000000 ____D C:\FRST
2015-08-01 01:31 - 2015-08-01 01:32 - 00000000 ___HD C:\$Windows.~BT
2015-08-01 01:29 - 2015-08-01 01:29 - 02168832 _____ (Farbar) C:\Users\bpruitt\Desktop\FRST64.exe
2015-07-29 02:49 - 2015-07-29 03:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-29 02:49 - 2015-07-29 02:49 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 02:48 - 2015-07-29 03:07 - 00000000 ____D C:\Users\bpruitt\Desktop\mbar
2015-07-29 02:48 - 2015-07-29 02:48 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-29 02:47 - 2015-07-29 02:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\bpruitt\Downloads\mbar-1.09.1.1004.exe
2015-07-28 02:10 - 2015-07-28 02:11 - 00000000 ____D C:\Users\bpruitt\Documents\pointer device
2015-07-28 01:43 - 2015-07-28 01:43 - 00000000 _____ C:\Users\bpruitt\Sti_Trace.log
2015-07-28 01:42 - 2015-07-28 01:42 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-28 00:50 - 2015-07-28 02:12 - 00000000 ____D C:\Users\bpruitt\Documents\RootkitRevealer
2015-07-27 23:37 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-25 23:32 - 2015-07-25 23:32 - 00000000 ____D C:\Users\bpruitt\AppData\Local\CEF
2015-07-25 16:51 - 2015-07-25 21:41 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-07-25 15:53 - 2015-07-25 21:42 - 00021486 _____ C:\WINDOWS\DPINST.LOG
2015-07-25 15:53 - 2015-07-25 21:42 - 00001422 _____ C:\WINDOWS\Synaptics.log
2015-07-25 15:39 - 2015-07-25 15:39 - 03571272 _____ (TOSHIBA America Information Systems) C:\Users\bpruitt\Documents\GetProductInfo.exe
2015-07-25 02:26 - 2015-07-25 02:26 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-25 02:26 - 2015-07-25 02:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-25 02:26 - 2015-07-25 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-25 02:25 - 2015-07-25 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-25 02:23 - 2015-07-25 02:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-25 02:23 - 2015-07-25 02:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-25 02:21 - 2015-06-12 10:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-25 02:21 - 2015-06-12 09:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-25 02:21 - 2015-06-09 11:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-25 02:20 - 2015-06-11 13:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-25 02:20 - 2015-06-11 13:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-25 02:20 - 2015-05-11 17:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-25 02:20 - 2015-04-30 18:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-25 02:20 - 2015-04-30 18:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-25 02:20 - 2015-04-30 18:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-25 00:07 - 2015-07-25 00:07 - 01126594 _____ C:\Users\bpruitt\Desktop\WindowsUpdate found.log
2015-07-24 23:24 - 2015-07-24 23:24 - 00000000 ____D C:\Users\bpruitt\Documents\LocaleMetaData
2015-07-24 22:39 - 2015-07-24 22:39 - 00000000 _____ C:\Users\bpruitt\Desktop\New Text Document.txt
2015-07-23 21:45 - 2015-07-23 21:45 - 00000581 _____ C:\Users\bpruitt\Documents\OS info.zip
2015-07-23 21:00 - 2015-07-23 21:00 - 00280664 _____ C:\WINDOWS\Minidump\072315-30031-01.dmp
2015-07-23 21:00 - 2015-07-23 21:00 - 00001538 _____ C:\WINDOWS\PFRO.log
2015-07-23 18:08 - 2015-07-23 18:24 - 00000718 _____ C:\Users\bpruitt\Documents\OS info.txt
2015-07-23 15:38 - 2015-07-23 15:38 - 00156190 _____ C:\Users\bpruitt\Documents\Perfmon.zip
2015-07-23 14:52 - 2015-07-23 14:49 - 02889616 _____ C:\Users\bpruitt\Documents\Perfmon.html
2015-07-23 14:43 - 2015-07-23 14:43 - 02492554 _____ C:\Users\bpruitt\Documents\SysnativeFileCollectionApp.zip
2015-07-23 14:40 - 2015-07-26 23:19 - 00000000 ____D C:\Users\bpruitt\Documents\SysnativeFileCollectionApp
2015-07-23 14:40 - 2015-07-23 14:40 - 00158720 _____ (Sysnative) C:\Users\bpruitt\Documents\SysnativeBSODCollectionApp.exe
2015-07-23 14:13 - 2015-07-23 14:13 - 00000000 ____D C:\Users\bpruitt\Desktop\all desktop extras
2015-07-21 18:25 - 2015-08-01 01:17 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-07-21 17:50 - 2015-07-21 17:50 - 00280664 _____ C:\WINDOWS\Minidump\072115-33265-01.dmp
2015-07-20 19:11 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 19:11 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 19:11 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 19:11 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-19 16:43 - 2015-07-19 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-07-17 16:58 - 2015-07-17 16:58 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-17 16:57 - 2015-07-19 15:22 - 00000000 ____D C:\Users\bpruitt\AppData\Local\Apple Computer
2015-07-17 16:57 - 2015-07-19 06:46 - 00000000 ____D C:\Users\bpruitt\AppData\Roaming\Apple Computer
2015-07-17 16:57 - 2015-07-17 16:57 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-17 16:57 - 2015-07-17 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-17 16:56 - 2015-07-17 16:56 - 00000000 ____D C:\Program Files\iTunes
2015-07-17 16:56 - 2015-07-17 16:56 - 00000000 ____D C:\Program Files\iPod
2015-07-17 16:56 - 2015-07-17 16:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-17 16:28 - 2015-07-22 12:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-07-17 16:28 - 2015-07-17 16:28 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-07-17 16:28 - 2015-07-17 16:28 - 00000000 ____D C:\Users\bpruitt\AppData\Local\Apple
2015-07-17 16:28 - 2015-07-17 16:28 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-17 16:27 - 2015-07-17 19:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-17 16:27 - 2015-07-17 16:28 - 00000000 ____D C:\ProgramData\Apple
2015-07-17 16:27 - 2015-07-17 16:27 - 00000000 ____D C:\Program Files\Bonjour
2015-07-17 16:27 - 2015-07-17 16:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-17 16:23 - 2015-08-01 01:20 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AEB8205-25DB-4AFD-A926-6B8A6709CFCF}
2015-07-15 05:57 - 2015-08-01 01:16 - 00006600 _____ C:\WINDOWS\setupact.log
2015-07-14 13:45 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-14 13:45 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-14 13:45 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-14 13:45 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-14 13:45 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-14 13:45 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-14 13:45 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-14 13:45 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-14 13:45 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-14 13:45 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-14 13:45 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-14 13:45 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-14 13:45 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-14 13:45 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-14 13:45 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-14 13:45 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-14 13:44 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-14 13:44 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-14 13:44 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-14 13:44 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-14 13:44 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-14 13:44 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-14 13:44 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-14 13:44 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-14 13:44 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-14 13:44 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-14 13:44 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-14 13:44 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-14 13:44 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-14 13:44 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-14 13:44 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-14 13:44 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-14 13:44 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-14 13:44 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-14 13:44 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-14 13:43 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-14 13:43 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-14 13:43 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-14 13:43 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-14 13:43 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-14 13:43 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-14 13:43 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-14 13:43 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-14 13:43 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-14 13:43 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-14 13:43 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-14 13:43 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-14 13:43 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-14 13:42 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-14 13:42 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-14 13:42 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-14 13:42 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-14 13:42 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-14 13:42 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-14 13:42 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-14 13:42 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-14 13:42 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-14 13:42 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-14 13:42 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-14 13:42 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-14 13:42 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-14 13:42 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-14 13:42 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-14 13:42 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-14 13:42 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-14 13:42 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 13:42 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 13:42 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-14 13:42 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-14 13:41 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-14 13:41 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-14 13:41 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-14 13:41 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-14 13:41 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-14 13:41 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-14 13:41 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-14 13:41 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-14 13:41 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-14 13:41 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-14 13:41 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-14 13:41 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-14 13:41 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-14 13:41 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-14 13:41 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-14 13:41 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-14 13:41 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-14 13:41 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-14 13:41 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-14 13:41 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-14 13:41 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-14 13:41 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-14 13:41 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-14 13:41 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-14 13:41 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-14 13:41 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-14 13:41 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-14 13:41 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-14 13:41 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-14 13:41 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-14 13:41 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-14 13:41 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-14 13:41 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-14 13:41 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-14 13:41 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-14 13:41 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-14 13:41 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-14 13:41 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-14 13:40 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-14 13:40 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-14 13:40 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-14 13:40 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 13:40 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-14 13:40 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 13:40 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-14 13:40 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-14 06:02 - 2015-07-14 06:02 - 00003096 _____ C:\WINDOWS\System32\Tasks\{E030F300-BE18-4C91-B918-E57A194C1879}
2015-07-14 05:21 - 2015-07-23 21:00 - 374491028 _____ C:\WINDOWS\MEMORY.DMP
2015-07-14 05:21 - 2015-07-14 05:21 - 00280664 _____ C:\WINDOWS\Minidump\071415-44968-01.dmp
2015-07-14 05:16 - 2015-07-14 06:07 - 00000000 ____D C:\ProgramData\Foolish IT
2015-07-14 05:16 - 2015-07-14 05:16 - 00053248 _____ C:\WINDOWS\SysWOW64\zlib.dll
2015-07-14 04:43 - 2015-07-14 04:46 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-14 04:18 - 2015-07-22 12:10 - 00000000 ____D C:\bin
2015-07-13 16:13 - 2015-07-13 16:13 - 00000000 ____D C:\Users\bpruitt\AppData\Local\CutePDF Writer
2015-07-13 16:11 - 2015-07-15 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-07-13 16:11 - 2015-07-15 05:52 - 00000000 ____D C:\Program Files (x86)\GPLGS
2015-07-13 16:11 - 2015-07-13 16:11 - 00000000 ____D C:\Program Files (x86)\Acro Software
2015-07-13 16:11 - 2013-10-23 15:24 - 00087600 _____ C:\WINDOWS\system32\cpwmon64.dll
2015-07-13 12:48 - 2015-07-29 00:07 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-281263272-3773558374-1387912350-1001
2015-07-13 11:57 - 2015-07-13 11:57 - 00002762 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-07-07 12:03 - 2015-07-07 12:03 - 00002212 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2015-07-07 12:03 - 2015-07-07 12:03 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-07-07 12:03 - 2015-07-07 12:03 - 00002186 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2015-07-07 12:03 - 2015-07-07 12:03 - 00000000 ____D C:\Users\bpruitt\AppData\Roaming\AVG
2015-07-07 12:03 - 2015-06-29 10:24 - 00041784 _____ (AVG Technologies) C:\WINDOWS\system32\TURegOpt.exe
2015-07-07 12:03 - 2015-06-29 10:23 - 00030520 _____ (AVG Technologies) C:\WINDOWS\system32\authuitu.dll
2015-07-07 12:03 - 2015-06-29 10:23 - 00025912 _____ (AVG Technologies) C:\WINDOWS\SysWOW64\authuitu.dll
2015-07-07 11:59 - 2015-07-07 12:04 - 00000000 ____D C:\ProgramData\AVG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 01:32 - 2015-05-23 02:44 - 01739287 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-01 01:32 - 2015-03-09 19:11 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-01 01:31 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-01 01:22 - 2013-04-08 16:28 - 00000000 ____D C:\ProgramData\MFAData
2015-08-01 01:17 - 2015-03-09 18:23 - 00000000 ____D C:\Users\bpruitt
2015-08-01 01:16 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-31 04:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-28 00:41 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\bpruitt\RootkitRevealer.exe
2015-07-28 00:41 - 2006-07-28 08:32 - 00007005 _____ C:\Users\bpruitt\Eula.txt
2015-07-28 00:41 - 2005-12-07 14:19 - 00102160 _____ C:\Users\bpruitt\RootkitRevealer.chm
2015-07-27 23:55 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-27 23:38 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-27 22:02 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-27 15:54 - 2013-04-04 21:52 - 00000000 ____D C:\Users\bpruitt\AppData\Local\VirtualStore
2015-07-26 02:04 - 2015-06-09 18:18 - 00000000 ____D C:\Users\bpruitt\AppData\Roaming\Skype
2015-07-25 23:31 - 2012-11-14 22:32 - 00000000 ____D C:\ProgramData\Toshiba
2015-07-25 16:52 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-25 02:26 - 2015-06-09 18:18 - 00000000 ____D C:\ProgramData\Skype
2015-07-23 21:00 - 2015-03-17 16:53 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-23 14:44 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-23 14:15 - 2014-02-04 16:18 - 00434688 ___SH C:\Users\bpruitt\Desktop\Thumbs.db
2015-07-22 12:10 - 2015-03-20 19:31 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-22 12:10 - 2014-11-21 08:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Com
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-07-22 12:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Camera
2015-07-22 12:10 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-07-22 12:10 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-22 12:10 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-22 12:09 - 2015-04-15 00:18 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-22 12:09 - 2015-03-09 18:15 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-07-22 12:09 - 2014-11-21 01:00 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-07-22 12:09 - 2014-11-21 01:00 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-07-22 12:09 - 2014-11-21 01:00 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\spp
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\ras
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\ias
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-07-22 12:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-22 12:09 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-22 12:09 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-07-22 12:09 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-22 12:09 - 2013-04-04 21:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-07-22 12:09 - 2013-03-11 14:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2015-07-22 12:01 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-22 09:05 - 2015-05-25 00:31 - 00007600 _____ C:\Users\bpruitt\AppData\Local\Resmon.ResmonCfg
2015-07-22 07:20 - 2014-11-21 01:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-21 20:16 - 2015-05-23 02:00 - 00000000 ____D C:\AdwCleaner
2015-07-20 21:37 - 2013-08-22 07:44 - 00362544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-19 16:01 - 2013-06-21 15:09 - 00000000 ____D C:\Users\bpruitt\AppData\Local\Windows Live
2015-07-19 03:28 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-17 19:43 - 2012-07-26 01:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-07-17 16:58 - 2015-05-17 02:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-17 16:56 - 2013-10-02 14:47 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-17 16:17 - 2015-04-15 00:18 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 16:17 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-15 07:19 - 2013-08-16 00:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 05:52 - 2014-04-03 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-15 05:52 - 2013-08-22 08:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-15 05:52 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-07-15 05:52 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-15 05:52 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\addins
2015-07-13 14:10 - 2014-11-21 09:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2014-11-21 09:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 02:24 - 2013-04-04 21:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2015-07-08 22:52 - 2014-03-29 14:35 - 00334848 ___SH C:\Users\bpruitt\Documents\Thumbs.db
2015-07-08 03:10 - 2012-11-14 22:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-08 01:43 - 2013-04-04 21:52 - 00000000 ____D C:\Users\bpruitt\AppData\Local\Packages
2015-07-08 00:35 - 2015-03-20 21:01 - 00000000 ____D C:\Users\bpruitt\AppData\Local\Avg2015
2015-07-07 15:20 - 2015-06-29 22:06 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-07 12:02 - 2013-04-08 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-07 12:00 - 2015-05-22 23:22 - 00000000 ____D C:\Users\bpruitt\AppData\Local\Avg
2015-07-07 11:54 - 2015-06-24 13:27 - 00000000 ____D C:\Users\bpruitt\AppData\Local\AVG Web TuneUp
2015-07-07 11:54 - 2015-06-24 13:26 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-07-07 11:46 - 2015-06-24 13:26 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-07-07 11:46 - 2015-06-24 13:26 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-07-07 11:46 - 2013-04-08 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 08:43 - 2013-04-10 23:31 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-10-02 14:48 - 2013-10-02 14:48 - 0000268 ___RH () C:\Users\bpruitt\AppData\Roaming\Drums
2013-10-02 14:50 - 2013-10-02 14:50 - 0000268 ___RH () C:\Users\bpruitt\AppData\Roaming\Echo
2015-03-20 20:06 - 2015-03-20 20:41 - 0000115 _____ () C:\Users\bpruitt\AppData\Roaming\LogFile.txt
2015-03-20 11:43 - 2015-03-20 21:43 - 0000068 _____ () C:\Users\bpruitt\AppData\Roaming\WB.CFG
2015-03-19 01:42 - 2015-03-19 01:42 - 0949858 _____ () C:\Users\bpruitt\AppData\Local\0846756A_stp.CIS
2015-03-19 01:42 - 2015-03-19 01:42 - 0000110 _____ () C:\Users\bpruitt\AppData\Local\0846756A_stp.CIS.part
2015-03-19 01:42 - 2015-03-19 01:42 - 8723608 _____ () C:\Users\bpruitt\AppData\Local\1533E602_stp.CIS
2015-03-19 01:42 - 2015-03-19 01:42 - 0000374 _____ () C:\Users\bpruitt\AppData\Local\1533E602_stp.CIS.part
2015-03-19 01:42 - 2015-03-19 01:42 - 0385602 _____ () C:\Users\bpruitt\AppData\Local\1F7D2135_stp.CIS
2015-03-19 01:42 - 2015-03-20 22:22 - 0000212 _____ () C:\Users\bpruitt\AppData\Local\1F7D2135_stp.CIS.part
2015-03-19 01:42 - 2015-03-19 01:42 - 0194878 _____ () C:\Users\bpruitt\AppData\Local\338D52C3_stp.CIS
2015-03-19 01:42 - 2015-03-19 01:42 - 0000242 _____ () C:\Users\bpruitt\AppData\Local\338D52C3_stp.CIS.part
2014-08-25 13:38 - 2014-08-25 13:38 - 0004608 _____ () C:\Users\bpruitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-25 00:31 - 2015-07-22 09:05 - 0007600 _____ () C:\Users\bpruitt\AppData\Local\Resmon.ResmonCfg
2013-10-02 14:48 - 2013-10-02 14:48 - 0000268 ___RH () C:\ProgramData\Electric Clav
2013-10-02 14:50 - 2013-10-02 14:50 - 0000268 ___RH () C:\ProgramData\Enhance Timing
2013-10-02 14:48 - 2013-10-02 14:48 - 0000012 ___RH () C:\ProgramData\Examples
2013-10-02 14:50 - 2013-10-02 14:50 - 0000012 ___RH () C:\ProgramData\Filesystems
2013-10-02 14:48 - 2015-06-29 22:32 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2013-10-02 14:50 - 2014-06-23 18:38 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT

Files to move or delete:
====================
C:\Users\bpruitt\RootkitRevealer.exe

Some files in TEMP:
====================
C:\Users\bpruitt\AppData\Local\Temp\AKAKASBNPAB.exe
C:\Users\bpruitt\AppData\Local\Temp\CDTICWHUJ.exe
C:\Users\bpruitt\AppData\Local\Temp\converter.exe
C:\Users\bpruitt\AppData\Local\Temp\F.exe
C:\Users\bpruitt\AppData\Local\Temp\FWDXYZZOM.exe
C:\Users\bpruitt\AppData\Local\Temp\Quarantine.exe
C:\Users\bpruitt\AppData\Local\Temp\ReimageExpressSetup.exe
C:\Users\bpruitt\AppData\Local\Temp\ReimagePackage.exe
C:\Users\bpruitt\AppData\Local\Temp\RHSetup.exe
C:\Users\bpruitt\AppData\Local\Temp\sqlite3.dll
C:\Users\bpruitt\AppData\Local\Temp\sqlite3.exe
C:\Users\bpruitt\AppData\Local\Temp\Z.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-29 07:29

==================== End of log ============================

 

 




#2 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 01 August 2015 - 07:28 PM

I don't see my attachment for the addition notepad file.  So if it is not there let me know and I will repost.

 

All that I have done on the computer since the original post is internet searches and looking at files and becoming familiar (I had no idea there was a hidden partition to change your computer back to factory settings! if it isn't corrupt by now)

 

Avg is asking for a reboot to fully allow protection due to an update.  Since Avg has never asked this of me since I have used AVG I postponed.  I don't want to reboot and chance another BSOD or complete failure since backups have never been done till a few days ago and the hidden partition I just learned of could be ruined I just keep the computer up and running.

 

I do see and think my problem first started in March 2013.

 

Also noticed all in the IE favorites folder is gone and some document files I made are missing as well (the files do not bother me as they were emailed and therefore can be retrieved). I don't know when they came up missing as I have been focused on what is wrong with the computer rather than my documents.

 

So just an update.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 03 August 2015 - 07:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Avg is asking for a reboot to fully allow protection due to an update.

Some major update will request that you restart your computer to complete the installation.
I suggest you do it if not already done.

===

You can download and run the Revo Uninstaller to clean any remnant of programs that were removed.
http://www.revouninstaller.com/

===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => [X]
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Copy the content of the Addition.txt file and paste it in your next reply.

Let me know what problem persists.
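nasdaq picked the entries for his fixlist out of the FRST listings by hand. As an added example that is not part of this thread, of FRST or of AdwCleaner, the Python below parses lines in FRST's file-listing format (created time, modified time, size, attribute flags, optional CompanyName, path) and applies a few of the triage heuristics an analyst uses when reading them: executables in Temp, executables sitting in a profile root (which FRST itself lists under "Files to move or delete"), and executables with no CompanyName in a user-writable location. The sample listing is constructed from lines in this thread; the dated converter.exe line is invented for illustration, since the thread shows only its path.

```python
"""Parse FRST-style file listings and apply a few analyst triage heuristics.

Added example; not part of FRST, AdwCleaner or this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A dated line of an FRST "files" section:
#   <created> - <modified> - <size> <flags> [(<CompanyName>)] <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<flags>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # "(Microsoft Corporation) ", "() " or absent
    r"(?P<path>[A-Za-z]:\\.*)$"
)
EXEC_EXT = (".exe", ".dll", ".scr", ".cpl", ".ocx", ".sys", ".com")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    flags: str     # five attribute columns; D = directory, H = hidden, S = system, R = read-only
    company: str   # CompanyName from version info as FRST prints it; "" when none was printed
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a dated FRST file line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]), m["flags"],
                 m["company"] or "", m["path"])


def triage_path(path: str, flags: str = "_____", company: Optional[str] = None) -> List[str]:
    """Reasons an analyst would look twice at an executable at this path.

    company=None means the line carried no CompanyName column at all (bare path
    lists such as FRST's "Some files in TEMP"); "" means FRST printed none.
    Note that CompanyName comes from version info, not from a code signature.
    """
    low = path.lower()
    reasons: List[str] = []
    if "D" in flags or not low.endswith(EXEC_EXT):
        return reasons  # directories and data files are out of scope here
    if any(mark in low for mark in TEMP_MARKERS):
        reasons.append("executable in a Temp directory")
    # C:\Users\<name>\file.exe splits into exactly four parts; FRST itself
    # lists such files under "Files to move or delete".
    if len(low.split("\\")) == 4 and low.startswith("c:\\users\\"):
        reasons.append("executable in a user profile root")
    if company == "" and low.startswith(USER_WRITABLE):
        reasons.append("no CompanyName in version info, in a user-writable location")
    if "H" in flags or "S" in flags:
        reasons.append("hidden/system attribute set on an executable")
    return reasons


def triage_listing(text: str) -> List[Tuple[str, List[str]]]:
    """Triage every dated line or bare path in an FRST listing; keep only hits."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_line(line)
        if entry is not None:
            path, reasons = entry.path, triage_path(entry.path, entry.flags, entry.company)
        elif re.match(r"^[A-Za-z]:\\", line):
            path, reasons = line, triage_path(line)
        else:
            continue
        if reasons:
            findings.append((path, reasons))
    return findings


# Constructed sample: lines taken from the FRST output in this thread, plus one
# invented dated line for converter.exe (the thread shows only its path).
SAMPLE = r"""
2015-07-14 13:42 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-14 13:41 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-28 00:41 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\bpruitt\RootkitRevealer.exe
2015-07-14 05:16 - 2015-07-14 06:07 - 00000000 ____D C:\ProgramData\Foolish IT
2013-10-02 14:48 - 2013-10-02 14:48 - 0000268 ___RH () C:\Users\bpruitt\AppData\Roaming\Drums
2015-07-20 10:00 - 2015-07-20 10:00 - 00345678 _____ C:\Users\bpruitt\AppData\Local\Temp\converter.exe
C:\Users\bpruitt\AppData\Local\Temp\sqlite3.dll
"""

if __name__ == "__main__":
    for hit_path, hit_reasons in triage_listing(SAMPLE):
        print(hit_path, "->", "; ".join(hit_reasons))
```

The heuristics only rank what deserves a closer look; RootkitRevealer.exe is flagged here for its location, not because it is malicious, which matches how FRST lists it.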

#4 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 04 August 2015 - 03:03 AM

First off, thank you for helping me so much. While I complete the aforementioned steps here is the addition.txt file content.


Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by bpruitt (2015-08-01 01:33:19)
Running from C:\Users\bpruitt\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-281263272-3773558374-1387912350-500 - Administrator - Disabled)
bpruitt (S-1-5-21-281263272-3773558374-1387912350-1001 - Administrator - Enabled) => C:\Users\bpruitt
Guest (S-1-5-21-281263272-3773558374-1387912350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-281263272-3773558374-1387912350-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4401 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.604 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.4.948 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.3 - Nikon)
Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-281263272-3773558374-1387912350-1001\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.2 - Nikon)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
QuickTime (HKLM-x32\...\{E0D51394-1D45-460A-B62D-383BC4F8B335}) (Version: 7.3.1.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124 - Toshiba Corporation)
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.1 - Nikon)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-281263272-3773558374-1387912350-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\bpruitt\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-281263272-3773558374-1387912350-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\bpruitt\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-281263272-3773558374-1387912350-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\bpruitt\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-281263272-3773558374-1387912350-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\bpruitt\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

23-07-2015 22:27:05 2015 7 23 before BSOD virus removal
24-07-2015 03:25:29 2014 07 24 before virus fix 2
25-07-2015 22:37:14 2015 07 25

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2015-05-23 11:52 - 00450831 ____A C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BB8392E-EEF7-4314-8C55-4DD935A80C0B} - \Wse_binkiland No Task File <==== ATTENTION
Task: {208DCC17-FEB6-4AFB-B7EF-0235E65D35C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {2227E09B-6B76-448D-9A20-66B91735BEC4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {31F27562-524D-495A-A8F4-14D962651FC1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {4926EDBF-8AA2-4E14-95F1-16A3A350A974} - System32\Tasks\{E030F300-BE18-4C91-B918-E57A194C1879} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
Task: {4DE984E6-7E14-4266-9FF9-23B96C958127} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7821F565-F2E5-4A4D-892B-150296BF032D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-06-29] (AVG Technologies)
Task: {AC81528E-A499-4B75-9261-292089E002BE} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-06-24 13:26 - 2015-07-07 11:46 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-07-13 16:11 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-29 10:24 - 2015-06-29 10:24 - 00718136 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-06-29 10:24 - 2015-06-29 10:24 - 00862008 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-281263272-3773558374-1387912350-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bpruitt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "FileTransferForMobileGo"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{2D30910B-89A2-4A96-9E1C-1C1E39D4B5DA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{DB9702E9-38DF-4582-B781-940231C33DD9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{CCD4B6A8-91A2-4332-8CC8-A6D3876E6D39}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{087C4762-FE35-4EC2-BE18-1962D1589590}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{52CB1FE4-F5FB-4599-A338-B4BF37E79FD1}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{21FA0E23-A9BF-4C00-B1E7-EAA30F397809}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{A138BF14-60A4-411D-B3EF-0686682919AC}] => (Allow) LPort=1900
FirewallRules: [{D7B5C841-1264-4E92-9244-3359506ACC47}] => (Allow) LPort=2869
FirewallRules: [{1AB94965-8F43-48F8-9679-146469AE3F09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4E4D04D0-7426-43DD-86E4-E5FA3FAEEC5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B8B0930-BCC4-49BB-B466-9040BCBC1FCA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{BAD48111-1497-4494-A570-1678A1B488C0}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{B186F2CC-57D0-42EE-A9B8-E40A86DCA6EC}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{BAA55B3B-8E14-4C7E-823E-0235CA168D24}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{5709CB9B-883B-46E3-988C-1E578770AA28}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{22294262-5025-4A7E-ABC6-B5524C3D1C71}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{3B401E10-F3AE-4002-9A67-C07DB5A75D91}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{385C26D0-E5F4-4EDD-9537-17A38907914B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{604A5C43-4631-4302-996F-52C9109B856A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6F471158-BF51-4306-88C3-FB9BEEB19C46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D7912CC8-EB00-4BDB-8DC5-F3483B50C58C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9185107-1E15-446B-B4AE-0E2D531B4F73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5C19F281-6F78-4899-B126-E1EDA4580B74}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{887EB4FF-0F8F-4DA3-883A-2AF683234294}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D329017B-CF95-4B99-AE02-55544E5A5255}] => (Allow) %systemroot%\system32\alg.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2015 01:31:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/29/2015 10:08:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/29/2015 07:30:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/29/2015 01:19:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/28/2015 11:10:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/28/2015 10:20:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/28/2015 03:12:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/28/2015 01:39:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/28/2015 02:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x9cc
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5

Error: (07/28/2015 01:39:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/01/2015 01:16:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (08/01/2015 01:16:32 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (08/01/2015 01:16:24 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:15:52 AM on ‎7/‎31/‎2015 was unexpected.

Error: (07/29/2015 08:19:56 AM) (Source: DCOM) (EventID: 10010) (User: Simon)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/29/2015 08:19:21 AM) (Source: DCOM) (EventID: 10010) (User: Simon)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/29/2015 07:30:51 AM) (Source: DCOM) (EventID: 10010) (User: Simon)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/29/2015 07:30:21 AM) (Source: DCOM) (EventID: 10010) (User: Simon)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/29/2015 06:33:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (07/29/2015 06:33:21 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (07/28/2015 02:23:45 PM) (Source: DCOM) (EventID: 10010) (User: Simon)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office:
=========================
Error: (08/01/2015 01:31:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/29/2015 10:08:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/29/2015 07:30:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/29/2015 01:19:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/28/2015 11:10:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/28/2015 10:20:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/28/2015 03:12:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/28/2015 01:39:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (07/28/2015 02:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd9cc01d0c9156535863cC:\Users\bpruitt\Documents\RootkitRevealer\RootkitRevealer.exeC:\Users\bpruitt\Documents\RootkitRevealer\RootkitRevealer.exea3463517-3508-11e5-bf17-008cfa41e310

Error: (07/28/2015 01:39:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Simon)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148


CodeIntegrity:
===================================
Date: 2015-07-29 08:21:01.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-29 08:21:01.252
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-29 08:19:51.821
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-29 08:19:51.664
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-29 07:31:39.849
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-29 07:31:39.708
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-28 15:09:20.018
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-28 15:09:19.721
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-28 14:25:00.830
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-28 14:25:00.361
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A10-4600M APU with Radeon™ HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 7646.26 MB
Available physical RAM: 5490.64 MB
Total Virtual: 15326.26 MB
Available Virtual: 13079.61 MB

==================== Drives ================================

Drive c: (TI10657600C) (Fixed) (Total:686.97 GB) (Free:618.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

#5 bpruitt

  • Topic Starter
  • Members
  • 28 posts

Posted 04 August 2015 - 05:32 AM

UPDATE*****

I posted the addition.txt in the prior reply.

I installed Revo Uninstaller: was able to find logs for SpyHunter (successfully uninstalled using advanced feature), Spybot Search and Destroy (successfully uninstalled using advanced feature), and I tried to uninstall the logs for AVG 2013 free (currently have paid subscription to AVG 2015); after two attempts I stopped because it would not uninstall it. I also noticed for nearly every log there are a couple logs for Windows 7 and one for 8.1 and an occasional copy for Windows 8. I don't know why I would have Windows 7 at all when the laptop came with Windows 8? There is so much crap in the logs I just gave up because it would take days to determine what should be kept and what should not.

After the AdwCleaner log was finished and I opened IE to post the logs, my homepage (Google) popped up, but a message did too that said "site loaded using SPDY".

Following is a copy and paste of fixlog.txt and the AdwCleaner log.

I am tired, so tomorrow I will look around and play on the computer to see what other problems still exist that I would be able to distinguish. And again, thank you for helping me. I think I still have a mess to clean, but progress is great. So thank you.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by bpruitt (2015-08-04 03:06:42) Run:1
Running from C:\Users\bpruitt\Desktop
Loaded Profiles: bpruitt (Available Profiles: bpruitt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => [X]
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\skype.exe" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
EmptyTemp: => 2.5 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 03:07:59 ====

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 03:16:36
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : bpruitt - SIMON
# Running from : C:\Users\bpruitt\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\TweakBit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
Folder Deleted : C:\Program Files (x86)\TweakBit

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\SlimWare Utilities Inc
Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5614 bytes] - [23/05/2015 02:01:00]
AdwCleaner[R1].txt - [2579 bytes] - [26/05/2015 22:48:33]
AdwCleaner[R2].txt - [2580 bytes] - [26/05/2015 22:49:10]
AdwCleaner[R3].txt - [3104 bytes] - [10/07/2015 03:48:39]
AdwCleaner[R4].txt - [2397 bytes] - [21/07/2015 19:54:55]
AdwCleaner[R5].txt - [1570 bytes] - [04/08/2015 03:14:26]
AdwCleaner[S0].txt - [1744 bytes] - [23/05/2015 02:03:11]
AdwCleaner[S1].txt - [2030 bytes] - [26/05/2015 22:55:43]
AdwCleaner[S2].txt - [3132 bytes] - [10/07/2015 03:52:35]
AdwCleaner[S3].txt - [2454 bytes] - [21/07/2015 20:11:41]
AdwCleaner[S4].txt - [1449 bytes] - [04/08/2015 03:16:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1508  bytes] ##########



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 04 August 2015 - 08:21 AM

Download and run the AVG Removal tool for the 2013 version.

http://www.avg.com/ca-en/utilities

===

Read about SPDY (pronounced "SPeeDY")

https://developers.gm/speed/spdy/?hl=en

====

Looks like you can disable this protocol.
https://angrytechnician.wordpress.com/2014/01/16/google-not-loading-first-time-in-ie11-via-a-web-proxy-on-windows-8-1-turn-off-spdy-support/

Keep me posted.

#7 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 06 August 2015 - 05:59 AM

Networks shows I have 2 computers, media devices, and network infrastructures

there are 4 users: bpruitt\default\default.migrated\public


I don't really understand, it is like the network has its own desktop, then the deeper I go the more confusing it is.


There are programs I do not want I see in the programs should I proceed forward and uninstall them????


Waiting for your thoughts....



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 06 August 2015 - 08:13 AM

Networks shows I have 2 computers, media devices, and network infrastructures
there are 4 users: bpruitt\default\default.migrated\public

I don't really understand, it is like the network has its own desktop, then the deeper I go the more confusing it is.


We do not service 2 different computers in the same Topic.

Let's stay with this one.

There are programs I do not want I see in the programs should I proceed forward and uninstall them????

If you are sure of what you are doing yes, otherwise let me know the name in the Installed List.

How is the computer running now?

#9 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 06 August 2015 - 03:19 PM

Please hang in there with me.  I have tried to slowly work on this. 


I am experiencing acute light sensitivity in one eye with extreme pain.  Window of vision is VERY SMALL and my environment must remain dark.  Only short sessions on the computer and my daughter is helping me.   


So please don't give up on me.  Between her and I we will talk this through.


Thank you.  I will get back shortly.


bpruitt



#10 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 06 August 2015 - 03:20 PM

Couldn't dim the screen, so I taped window tint to my laptop LOL.....ingenuity I reckon!  So I am trying.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 07 August 2015 - 06:23 AM

This is a long shot; you may have already tried this dimmer software.

http://www.nelsonpires.com/software/dimmer/

Hope it helps.

#12 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 08 August 2015 - 03:46 AM

Thank you!  That works so well for me.  I now know what programs I want to remove and I also think I can now explain some of my issues to you.


I will do that later this morning or tomorrow evening.


Again, thank you.  The dimmer helps so much!



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 08 August 2015 - 07:40 AM

Glad we could help.

Keep me posted.

#14 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 08 August 2015 - 06:41 PM

To start...as for the laptop showing two computers, that was my problem.  I only own one computer.  So in file explorer the list starts as:


Homegroup

bpruitt

This PC

Libraries

Network

Control Panel

Recycle Bin

When I selected Network, it showed 2 computers, 2 media devices, 1 multifunction devices, 2 network infrastructure, 1 printer, 1 scanner


I removed bpruitt from the homegroup, and now it only shows 1 of each. The strange network is Epsona.  I think the source of my issues dates back to 2013. 


AMD Catalyst Install Manager (advanced micro devices,inc) and AMD Quick Stream (AppEx Networks)


As a matter of fact my internet stopped working last night.  I have had connection issues.


So between bpruitt, this pc, and network I was confused.  Then the additional users in Network, public, default, default.migrated????


OK, I don't know if it matters or not but my list of programs in the Revo and my control panel install dates do not match. I will send a list of programs, most of which I want to uninstall.


I never did uninstall anything as I just wanted guidance on it (I know most of them can go)


Again, thank you for your help, as always.




#15 bpruitt

bpruitt
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 08 August 2015 - 06:44 PM

Please see attached: All Programs List.txt (11.02KB)
