
Please see my list. Thank you.


  • This topic is locked
11 replies to this topic

#1 bpruitt

Posted 16 January 2016 - 06:06 AM

I do not believe Malwarebytes or AVG is working. Both show regular scans/updates but there is never an issue, threat....nothing, ODD!

Adobe Reader DC came back

In Revo Uninstaller I see MSIexec.exe listed everywhere. I have never seen that before.

Don't have a clue what Microsoft OneDrive is either but it is in my programs.

Uninstalled Skype (it has always been an issue but AVG said it was safe?)

I think my Epson printer may be a problem? Epson print finder, e web printing, etc. I have not heard of before and don't know why I need them.

What is a GWX?

Wild Tangent came back but a household member said they deleted it (that could have caused issues?)

Out of the blue, computer will be low on battery and will not charge when plugged in. I have to remove battery and drain power. This last week this is an issue since I got a notification to update Toshiba. Seemed like a normal thing to do.

Seems like IE freezes or "gets stuck" on a page and I have to refresh.

I honestly think problems on this computer started way back in 2013. When going through the C: drive, the multiple folders that are empty and have not had activity since 2012 or 2013 are surprising to me, but then again, I just use computers, not fix them or program them.

Oh and the PC TuneUp tells me I have 27K+ elements to clean up in Windows, duplicate files as well (think they are the same issue??)

So...making a recovery disc at this point (which has never been done and I just learned of) probably wouldn't be a great idea? How would I know if the recovery partition is still even any good?

Thank you for your help.

B

Attached File: Addition.txt (24.18KB, 1 downloads)

I am also trying to paste in my FRST text but I get a warning to paste in a box because of my settings, have never had that warning before either LOL.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by bpruitt (administrator) on SIMON (16-01-2016 01:27:42)
Running from C:\Users\bpruitt\Desktop
Loaded Profiles: bpruitt (Available Profiles: bpruitt & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\WINDOWS\System32\TODDSrv.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_IATIICE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIICE.EXE [283232 2014-12-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIICE.EXE [283232 2014-12-11] (SEIKO EPSON CORPORATION)
IFEO\bejeweled3-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fate-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\gardenscapesmansionmakeover-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\knfb.reader.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\penguins-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\plantsvszombies-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\polar-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\srspanel_64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\taisregistration.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tcrdmain_win8.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tecoresident.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\thaccelview.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\toshibaappplace.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tpchviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\userguide.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\vacationquestaustralia-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\virtualvillagers5newbelievers-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\youdajewelshop-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\bpruitt\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\bpruitt\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\bpruitt\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\bpruitt\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\bpruitt\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\bpruitt\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{CB4D8EEE-E04B-405C-9459-F3273DF2AE58}: [DhcpNameServer] 192.168.0.1 205.171.2.26

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-281263272-3773558374-1387912350-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-281263272-3773558374-1387912350-1001 -> DefaultScope {804A7146-1701-4F21-B5F7-8996A729E4A8} URL = hxxp://www.the-arena.co.uk/default.aspx?sc={searchTerms}
SearchScopes: HKU\S-1-5-21-281263272-3773558374-1387912350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-281263272-3773558374-1387912350-1001 -> {1751A90B-D5EB-452E-8BCD-16EA42121A37} URL =
SearchScopes: HKU\S-1-5-21-281263272-3773558374-1387912350-1001 -> {804A7146-1701-4F21-B5F7-8996A729E4A8} URL = hxxp://www.the-arena.co.uk/default.aspx?sc={searchTerms}
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-11-01] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S4 taisregispinger; C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2196120 2012-08-03] (Toshiba America Information Systems.)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
S2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation                           )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-20] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-08-20] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-16 01:27 - 2016-01-16 01:29 - 00015881 _____ C:\Users\bpruitt\Desktop\FRST.txt
2016-01-16 01:23 - 2016-01-16 01:23 - 02370560 _____ (Farbar) C:\Users\bpruitt\Desktop\FRST64.exe
2016-01-15 23:41 - 2016-01-15 23:44 - 00000000 ____D C:\Users\bpruitt\Cobian Backup transfer1
2016-01-15 22:58 - 2016-01-15 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-01-15 22:58 - 2016-01-15 22:58 - 00000000 ____D C:\Program Files\Cobian Backup 11
2016-01-15 22:41 - 2016-01-15 22:42 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\bpruitt\Downloads\cbSetup.exe
2016-01-15 00:01 - 2016-01-15 00:01 - 00000000 ____D C:\Users\bpruitt\AppData\Local\VS Revo Group
2016-01-15 00:00 - 2016-01-15 00:26 - 00001104 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-01-15 00:00 - 2016-01-15 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-15 00:00 - 2016-01-15 00:00 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-15 00:00 - 2016-01-15 00:00 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-15 00:00 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-01-14 23:29 - 2016-01-14 23:29 - 02129016 _____ C:\Users\bpruitt\pc optimizer removal.oxps
2016-01-14 23:00 - 2016-01-14 23:06 - 00000000 ____D C:\AdwCleaner
2016-01-14 14:09 - 2016-01-14 14:10 - 00000000 ____D C:\Users\bpruitt\Desktop\Family History
2016-01-12 13:04 - 2015-12-10 20:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-12 13:04 - 2015-12-10 20:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 13:04 - 2015-12-10 19:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 13:04 - 2015-12-10 19:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-12 13:04 - 2015-12-10 19:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-12 13:04 - 2015-12-10 19:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 13:04 - 2015-12-10 19:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-12 13:04 - 2015-12-10 19:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-12 13:04 - 2015-12-10 19:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-12 13:04 - 2015-12-10 19:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-12 13:04 - 2015-12-10 18:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-12 13:04 - 2015-12-10 18:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 13:04 - 2015-12-10 18:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-12 13:04 - 2015-12-10 18:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-12 13:04 - 2015-12-10 18:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-12 13:04 - 2015-12-10 18:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-12 13:04 - 2015-12-10 18:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-12 13:04 - 2015-12-10 18:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-12 13:04 - 2015-12-10 18:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-12 13:04 - 2015-12-10 18:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-12 13:04 - 2015-12-10 18:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 13:03 - 2015-12-04 21:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-12 13:03 - 2015-12-04 21:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-12 13:03 - 2015-12-03 10:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 13:03 - 2015-12-03 10:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 13:03 - 2015-12-03 10:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-12 13:03 - 2015-12-03 10:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 13:03 - 2015-12-03 10:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-12 13:03 - 2015-12-03 09:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-12 13:03 - 2015-12-03 09:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 13:03 - 2015-12-03 09:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-12 13:03 - 2015-12-03 09:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 13:03 - 2015-12-03 09:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 13:03 - 2015-12-03 09:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-12 13:03 - 2015-12-03 09:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 13:03 - 2015-12-03 09:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-12 13:03 - 2015-12-03 09:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 13:03 - 2015-12-03 09:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-12 13:03 - 2015-12-03 08:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 13:03 - 2015-12-03 08:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 13:03 - 2015-12-02 07:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 13:03 - 2015-12-02 07:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 13:02 - 2015-12-30 11:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 13:02 - 2015-12-30 11:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-12 13:02 - 2015-12-30 11:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-12 13:02 - 2015-12-09 16:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-12 13:02 - 2015-12-07 02:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 13:02 - 2015-12-04 07:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 13:02 - 2015-12-03 11:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-12 13:02 - 2015-12-03 11:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-12 13:02 - 2015-12-03 11:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-12 13:02 - 2015-12-03 11:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-12 13:02 - 2015-12-03 11:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-12 13:02 - 2015-12-03 10:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-12 13:02 - 2015-12-03 10:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-12 13:02 - 2015-12-03 10:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-12 13:02 - 2015-12-03 10:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-12 13:02 - 2015-12-03 10:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-12 13:02 - 2015-12-03 09:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-12 13:02 - 2015-12-03 09:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-12 13:02 - 2015-12-03 09:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-12 13:02 - 2015-12-03 09:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 13:02 - 2015-12-03 08:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 13:02 - 2015-11-17 13:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 13:02 - 2015-11-17 13:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 13:02 - 2015-11-17 13:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 13:02 - 2015-11-17 13:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 13:02 - 2015-11-17 13:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 13:02 - 2015-11-17 13:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 13:02 - 2015-11-17 13:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-12 13:01 - 2015-12-08 11:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 13:01 - 2015-12-08 11:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-11 18:31 - 2016-01-11 18:31 - 00436015 _____ C:\Users\bpruitt\Search - BeenVerified.mht
2016-01-09 00:18 - 2016-01-09 00:18 - 00257958 ____N C:\Users\bpruitt\Documents\ccd 1.pdf
2016-01-09 00:17 - 2016-01-09 00:17 - 00581313 ____N C:\Users\bpruitt\Documents\ccd 3.pdf
2016-01-09 00:17 - 2016-01-09 00:17 - 00338796 ____N C:\Users\bpruitt\Documents\ccd 2.pdf
2016-01-02 22:59 - 2016-01-03 02:05 - 00013627 ____N C:\Users\bpruitt\Desktop\doc bill template.odt
2016-01-02 20:17 - 2016-01-02 20:17 - 00012003 ____N C:\Users\bpruitt\Desktop\doc appt info.ods
2015-12-21 21:50 - 2015-12-22 00:53 - 00000000 ____D C:\Users\bpruitt\Desktop\Binder Inserts
2015-12-18 23:42 - 2015-12-29 02:58 - 00000000 ____D C:\Users\bpruitt\Downloads\Court Downloads

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-16 01:27 - 2015-08-01 00:32 - 00000000 ____D C:\FRST
2016-01-16 00:58 - 2015-08-11 22:44 - 00000000 ____D C:\ProgramData\MFAData
2016-01-16 00:01 - 2015-08-11 21:48 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-281263272-3773558374-1387912350-1001
2016-01-15 23:42 - 2015-08-20 12:40 - 00000000 ____D C:\Users\bpruitt
2016-01-15 22:21 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-15 22:17 - 2015-08-11 22:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-15 22:16 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-15 15:37 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-15 15:20 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-01-15 12:36 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2016-01-15 10:52 - 2015-12-04 02:07 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 10:52 - 2015-12-04 02:07 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 14:00 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-14 02:43 - 2015-08-23 19:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-14 02:43 - 2014-11-21 07:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-13 22:17 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 23:46 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-12 22:44 - 2015-08-16 12:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 22:41 - 2015-08-16 12:41 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 22:20 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-10 23:52 - 2012-11-14 21:30 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-01-10 23:52 - 2012-11-14 21:26 - 00000000 ____D C:\Program Files\Toshiba
2016-01-10 23:29 - 2015-08-11 21:43 - 00000000 ____D C:\Users\bpruitt\AppData\Local\TOSHIBA
2016-01-10 15:14 - 2012-11-14 21:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-10 15:14 - 2012-11-14 21:35 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-01-10 15:13 - 2012-11-14 21:35 - 00000000 ____D C:\ProgramData\WildTangent
2016-01-10 15:12 - 2015-08-29 04:51 - 00000000 ____D C:\ProgramData\Skype
2016-01-10 15:08 - 2012-11-14 21:55 - 00001084 _____ C:\Users\Public\Desktop\Desktop Assist.lnk
2016-01-09 20:30 - 2015-12-04 01:16 - 00000000 ____D C:\Users\bpruitt\AppData\Local\ElevatedDiagnostics
2016-01-09 01:09 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-09 01:09 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-09 00:14 - 2015-11-28 20:43 - 00000000 ____D C:\Users\bpruitt\Documents\Sue
2016-01-05 12:04 - 2014-11-21 08:03 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-05 12:04 - 2014-11-21 08:03 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-19 00:16 - 2015-08-20 13:07 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-19 00:16 - 2015-08-20 13:07 - 00000000 ___SD C:\WINDOWS\system32\GWX

 

 

 




 


#2 bpruitt

  • Topic Starter

Posted 16 January 2016 - 02:51 PM

I also ran adware (before the FRST and ADDITION); it removed 3 items but I don't know what they were.

 

What is this: revouninstaller shows many MsiExec.exe files, I have never seen msiexec files in multiples appear

 

bpruitt user has the same settings meaning it can run as an administrator all the time?  This would allow kids to do anything on the computer right?

 

I could not turn on windows security and shut off malwarebytes and avg.

 

Thanks

B

 

 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:32 AM

Posted 17 January 2016 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

First, to answer some of your concerns.

In RevoUninstaller I see MSIexec.exe listed everywhere

Read about MSIexec.exe
http://www.neuber.com/taskmanager/process/msiexec.exe.html
===

Don't have a clue what Microsoft one drive is either but it in my programs.

Read about it.
https://onedrive.live.com/about/en-ca/
===

I think my Epson printer may be a problem? Epson print finder, e web printing, etc have not heard of before don't know why I need them.

Installed by Epson. Leave it alone.
===

What is a GWX?

It's part of WINDOWS 10 UPDATE.
"Your best bet right now, if you have Windows 7 or 8.1 and don't want to upgrade to Windows 10 just yet - remember, you have until July 28, 2016 to upgrade for free - is to cut KB 3035583 off at the knees. The easiest way to do that is by running GWX Control Panel**. Microsoft has provided no changelog, of course, and no indication what this version of Get Windows 10 does that's any different from the five previous versions..."

Read the instructions and decide if you want to run this tool.
http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

Download site.
http://ultimateoutsider.com/downloads/

p.s.
It may be too late for you to get the free update.
===

Wild Tangent came back but a household member said they delete it (that could have caused issues?)

This fix will remove the related folders.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\bejeweled3-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fate-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\gardenscapesmansionmakeover-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\knfb.reader.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\penguins-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\plantsvszombies-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\polar-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\srspanel_64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\taisregistration.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tcrdmain_win8.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tecoresident.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\thaccelview.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\toshibaappplace.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tpchviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\userguide.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\vacationquestaustralia-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\virtualvillagers5newbelievers-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\youdajewelshop-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
C:\Program Files (x86)\WildTangent Games
C:\ProgramData\WildTangent

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

The other issues may be due to some hardware problems.

As for the Toshiba update I would do it.

Please post the logs and let me know what problems persist.

#4 bpruitt

  • Topic Starter

Posted 18 January 2016 - 04:20 AM

First off, thank you for your help.  Sorry for the delay in response as we had a birthday baby today.  Tomorrow I will not have computer access until evening to do any chores you send my way to resolve my issues.

 

I ran the fix as you said and will paste it in at the end.

I read the materials you provided links for and I thank you.

I understand one drive and again, I will deal with that later since it magically appeared along with an add on called Arena? But whatever the case, these little presents that have appeared, again...are probably not that big of a deal.

I will decide on the windows 10 later as I think I have bigger fish to fry at the moment and I will explain the best I can.

After I ran the fix, AVG did its normal run after the restart and Surprise (not) there were not any issues.  So I looked at all settings for it and malwarebytes and two things have now come about: 

1. I now see why the control panel and revouninstaller show multiple AVG programs.  AVG 2015,  AVG internet and AVG PC tuneup (they are probably all conflicting with windows and malwarebytes, I have not a clue).  The point being, I have not run antivirus at all as AVG 2015 has a size of 0 (zero, zip, nada), along with a couple of other programs that are probably pretty important like Realtek WLAN driver, audio driver, card reader, blah blah blah.  Comparing a few to revo uninstaller (which I know is not a direct comparison) is where I find the cute uninstall strings that have strange letters at the end of the string, or the string says run from temp and most all strings begin with the msiexec. And by the way, I am running AVG internet, amazing what happens when you read :thumbup2:

 

2. I said all that to bring me to agenda 2 which was to go back to your first link for PC Mechanic.  My heart was pounding but thought what the hell, just run it.  And for the love of all things holy, surprise! malwarebytes and avg internet decided to work for the first time in ages and no matter what I did, that little gem was not going to run by golly.  Got some warning about my drivers.

 

And also when I posted that I ran adware but couldn't remember what it removed, it was something to do with Skype and malwarebytes did catch it too on 12/04.

I am beyond frustrated so I will call it a night. My son came to visit and told me I probably have some cryptic virus thing which nearly gave me heart failure so I had rather go to bed.

 

Here is the log you helped me produce and again, thank you very much for helping me

B

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by bpruitt (2016-01-17 19:07:00) Run:2
Running from C:\Users\bpruitt\Desktop
Loaded Profiles: bpruitt (Available Profiles: bpruitt & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\bejeweled3-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fate-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\gardenscapesmansionmakeover-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\knfb.reader.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\penguins-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\plantsvszombies-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\polar-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\srspanel_64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\taisregistration.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tcrdmain_win8.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tecoresident.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\thaccelview.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\toshibaappplace.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tpchviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\userguide.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\vacationquestaustralia-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\virtualvillagers5newbelievers-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\youdajewelshop-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
C:\Program Files (x86)\WildTangent Games
C:\ProgramData\WildTangent

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bejeweled3-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fate-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gardenscapesmansionmakeover-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\knfb.reader.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcdiag.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\penguins-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\plantsvszombies-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\polar-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srspanel_64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taisregistration.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tcrdmain_win8.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tecoresident.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\thaccelview.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\toshibaappplace.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tpchviewer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\userguide.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vacationquestaustralia-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\virtualvillagers5newbelievers-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\youdajewelshop-wt.exe" => key removed successfully
C:\Program Files (x86)\WildTangent Games => moved successfully
C:\ProgramData\WildTangent => moved successfully
EmptyTemp: => 2.1 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:07:46 ====
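An added example (not part of the original posts and not FRST's own code): a Python cross-check of a fixlist against the resulting Fixlog, using the line formats quoted in this thread. It lists every requested IFEO key or folder that has no result line ending in "successfully" and groups the IFEO entries by Debugger target; the function names are hypothetical, the success test is inferred from the log lines above, and the sample text is a constructed excerpt with one result line left out on purpose.

```python
import re
from collections import defaultdict

# Line formats as they appear in the fixlist and Fixlog.txt quoted in this thread.
IFEO_DIRECTIVE = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] "(?P<debugger>[^"]+)"$')
KEY_RESULT = re.compile(
    r'^"HKLM\\.*\\Image File Execution Options\\(?P<image>[^"]+)" => (?P<status>.+)$',
    re.IGNORECASE)
PATH_RESULT = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$')

# Constructed excerpt: three IFEO directives and both folders from the thread.
SAMPLE_FIXLIST = r'''
start
CloseProcesses:
IFEO\bejeweled3-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fate-wt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
C:\Program Files (x86)\WildTangent Games
C:\ProgramData\WildTangent
End
'''

# Constructed excerpt: the pcdiag.exe result line is deliberately missing.
SAMPLE_FIXLOG = r'''
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bejeweled3-wt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fate-wt.exe" => key removed successfully
C:\Program Files (x86)\WildTangent Games => moved successfully
C:\ProgramData\WildTangent => moved successfully
'''


def parse_fixlist(text):
    """Return ({image: debugger}, [paths]) for the IFEO and path directives."""
    ifeo, paths = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = IFEO_DIRECTIVE.match(line)
        if m:
            ifeo[m["image"].lower()] = m["debugger"]
        elif re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
    return ifeo, paths


def parse_results(text):
    """Map 'ifeo:<image>' / 'path:<path>' to the status text after '=>'."""
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RESULT.match(line)
        if m:
            results["ifeo:" + m["image"].lower()] = m["status"]
            continue
        m = PATH_RESULT.match(line)
        if m:
            results["path:" + m["path"].lower()] = m["status"]
    return results


def unresolved(fixlist_text, fixlog_text):
    """Requested items with no result line ending in 'successfully'."""
    ifeo, paths = parse_fixlist(fixlist_text)
    results = parse_results(fixlog_text)
    wanted = ["ifeo:" + image for image in ifeo] + ["path:" + p.lower() for p in paths]
    return [w for w in wanted if not results.get(w, "").endswith("successfully")]


def debugger_targets(fixlist_text):
    """Group image names by Debugger value. An IFEO Debugger value makes
    Windows start the named program in place of the image, so one target
    shared by many unrelated images is worth a look."""
    ifeo, _ = parse_fixlist(fixlist_text)
    groups = defaultdict(list)
    for image, debugger in ifeo.items():
        groups[debugger].append(image)
    return dict(groups)


if __name__ == "__main__":
    print("Unresolved:", unresolved(SAMPLE_FIXLIST, SAMPLE_FIXLOG))
    for target, images in debugger_targets(SAMPLE_FIXLIST).items():
        print(target, "<-", ", ".join(images))
```
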



#5 nasdaq

  • Malware Response Team

Posted 18 January 2016 - 09:27 AM

Let's check further.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options in bold the following options are available to you.
Select only the check boxes for the options in bold.

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Auto Clean


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.

Let me know what problem persists.

Please make your comment as short as possible.
Leave a blank space after each one.
Thanks.

#6 bpruitt

  • Topic Starter

Posted 19 January 2016 - 05:02 AM

I have not been home long enough today to really do a lot.  One thing that stands out is that IE seems to "get stuck" if a page is up too long or scrolling down to the bottom of a page.

 

Attached is the requested log.

 

Again, thank you for your help

 

B

 

Attached Files



#7 nasdaq

  • Malware Response Team

Posted 19 January 2016 - 10:08 AM


Try this.

Open IE > Tools > Internet Options > Select the Advanced tab.

Select "Restore Advanced settings"

Restart the IE as suggested.

Do the same to reset the settings: click the Reset... button, then click the Apply button.
Restart the computer normally.

If that fails to improve the situation run this cleaning tool.

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Keep me posted.

#8 bpruitt

  • Topic Starter

Posted 20 January 2016 - 12:44 AM

IE advanced settings restored and settings reset.

 

Manage add-ons search providers showed:

1. The Arena (this just popped up recently)

2. Bing

3. Bing

4. Google

 

Haven't had major issues as of yet just some refreshing while browsing

 

Thanks for your help,

B

 

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64
Ran by bpruitt (Administrator) on Tue 01/19/2016 at 21:20:47.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 3

Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSCANNER.EXE-F4F2B9F0.pf (File)

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1751A90B-D5EB-452E-8BCD-16EA42121A37} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/19/2016 at 21:23:05.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 nasdaq

  • Malware Response Team

Posted 20 January 2016 - 08:58 AM

1. The Arena (this just popped up recently)


Unless you know what this is I would remove it.

p.s.
Could it be this.
http://www.curse.com/addons/wow/category/arena

#10 bpruitt

  • Topic Starter

Posted 20 January 2016 - 04:32 PM

Thank you.  I will do.

 

So far nothing amiss and computer seems to be running appropriately for the moment.

 

Thank you for helping me

B



#11 nasdaq

  • Malware Response Team

Posted 21 January 2016 - 09:48 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq

  • Malware Response Team

Posted 27 January 2016 - 09:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



