Hello Techspot gods, my laptop has a pop out box stuck on the desktop rendering the area useless. Safemode allows me to come here.
As per guidelines here is the FRST log, the addition.txt in the following post.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by greg (administrator) on REDMACK620 on 03-06-2015 00:43:37
Running from C:\Users\greg\OneDrive\Pictures\Desktop
Loaded Profiles: greg (Available Profiles: greg & Administrator & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-04-01] (NVIDIA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-05] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [SacReminderBOX] => C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe [567120 2011-11-02] (SAC)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-05] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {394aaf3d-1ef3-11e4-bf36-24fd524d85ec} - "E:\AutoRun.exe"
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {495dbc98-f088-11e4-824f-24fd524d85ec} - "F:\AutoRun.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-04-01] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartUtilityUpdate.lnk [2015-05-10]
ShortcutTarget: SmartUtilityUpdate.lnk -> C:\Users\greg\AppData\Local\SmartUtilityUpdate\SmartUtilityUpdate.exe (TechnoChrome LLC)
Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mytoshiba.com.au/start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {D0AD99D8-2C60-445A-B109-B7F58CA460CC} URL =
SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {EF860DF9-0DB4-4950-8BE1-CEC61189B9FF} URL = https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-02] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Keyword.URL: https://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-02] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Extension: auto-plugin-checker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\auto-plugin-checker@jetpack.xpi [2015-05-19]
FF Extension: CensureBlock - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\censureblock@gmail.com.xpi [2015-05-02]
FF Extension: Strict Pop-up Blocker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-05-02]
FF Extension: Adblock Plus - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-02]
FF HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1522664 2015-05-18] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S4 CFUACProxy_boxsoftware; C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe [83792 2011-11-02] (Storage Appliance Corp.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-26] ()
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165488 2012-12-19] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-27] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2015-05-10] (Kingsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-06-03] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-26] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-01] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-03] (Microsoft Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 00:43 - 2015-06-03 00:43 - 00000000 ____D () C:\FRST
2015-06-03 00:37 - 2015-06-03 00:37 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR430.dat
2015-06-03 00:34 - 2015-06-03 00:34 - 00000000 ____D () C:\NPE
2015-06-03 00:29 - 2015-06-03 00:37 - 00108216 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS
2015-06-03 00:29 - 2015-06-03 00:37 - 00000000 ____D () C:\Users\greg\AppData\Local\NPE
2015-06-03 00:18 - 2015-06-03 00:18 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-06-03 00:18 - 2015-06-03 00:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-06-03 00:17 - 2015-06-03 00:17 - 00033853 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-01 15:45 - 2015-06-01 15:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-01 12:25 - 2015-06-01 12:39 - 00000000 ____D () C:\AdwCleaner
2015-06-01 12:18 - 2015-06-01 12:18 - 00001136 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Malwarebytes
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-01 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-30 19:30 - 2015-05-30 19:30 - 00000000 ____D () C:\WINDOWS\pss
2015-05-30 10:07 - 2015-05-30 10:07 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-05-30 00:23 - 2015-05-30 00:30 - 00000000 ____D () C:\Users\greg\Camera Roll
2015-05-20 03:03 - 2015-05-20 03:04 - 171245482 _____ () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Wed, 20-May-2015[3 3 52].rrs4
2015-05-20 02:54 - 2015-05-20 02:54 - 00000000 ____D () C:\Unformat_Images
2015-05-20 02:51 - 2015-05-20 02:51 - 00003252 _____ () C:\WINDOWS\System32\Tasks\{28B6EE38-811B-4F16-9FDA-6C4CEDCAF2B2}
2015-05-19 14:48 - 2015-05-19 16:04 - 00000000 ____D () C:\ProgramData\Protexis
2015-05-19 14:46 - 2015-05-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund
2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D () C:\ProgramData\Broderbund
2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D () C:\Program Files (x86)\Broderbund
2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TypeFaster
2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypeFaster
2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\Program Files (x86)\TypeFaster
2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 4.1
2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\Program Files (x86)\File Scavenger 4.1
2015-05-18 11:37 - 2015-05-20 10:01 - 00000000 ____D () C:\Program Files (x86)\Convar
2015-05-18 11:29 - 2015-05-18 11:29 - 00000000 ____D () C:\Program Files\EaseUS
2015-05-18 11:19 - 2015-05-18 11:19 - 00000000 ____D () C:\Program Files (x86)\CodeMeter
2015-05-17 16:18 - 2015-05-17 16:19 - 171088206 _____ () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Sun, 17-May-2015[16 18 52].rrs4
2015-05-17 16:15 - 2015-05-20 03:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-17 16:14 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2015-05-17 16:03 - 2015-05-17 16:03 - 00000000 ____D () C:\Program Files (x86)\IUWEshare
2015-05-17 15:42 - 2015-05-17 15:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\AmazingFileRecovery
2015-05-16 22:30 - 2015-05-16 22:30 - 00000000 ___HD () C:\$AVG-SHREDDER-TMP-72ec5905-f21e-434b-9df8-3a3ecd072211
2015-05-16 13:06 - 2015-05-16 13:06 - 00000000 ____D () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\002GJN
2015-05-15 14:41 - 2015-05-15 14:41 - 00000000 ___HD () C:\$AVG-SHREDDER-TMP-9b6fb606-a48c-4705-a2d4-1453ec417a5a
2015-05-14 17:54 - 2015-05-01 04:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:54 - 2015-05-01 04:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 12:50 - 2015-05-14 12:50 - 00000000 ____D () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\OneNote Notebooks
2015-05-14 10:30 - 2015-05-14 10:30 - 00002990 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-05-13 16:24 - 2015-01-30 08:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 16:23 - 2015-05-01 07:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 16:23 - 2015-05-01 06:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 16:23 - 2015-04-10 08:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 16:23 - 2015-04-10 08:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 16:23 - 2015-04-02 06:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 16:23 - 2015-04-02 06:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 16:23 - 2015-04-01 11:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 16:23 - 2015-04-01 10:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 16:23 - 2015-03-20 09:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 16:23 - 2015-03-18 01:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 16:23 - 2015-03-13 09:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 16:23 - 2015-03-13 08:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 16:23 - 2015-03-09 10:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 16:23 - 2015-03-04 09:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 16:23 - 2015-03-04 09:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 16:22 - 2015-04-22 01:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 16:22 - 2015-04-22 00:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 16:22 - 2015-04-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 16:22 - 2015-04-22 00:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 16:22 - 2015-04-22 00:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 16:22 - 2015-04-22 00:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 16:22 - 2015-04-22 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 16:22 - 2015-04-22 00:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 16:22 - 2015-04-21 23:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 16:22 - 2015-04-21 23:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 16:22 - 2015-04-21 23:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 16:22 - 2015-04-21 23:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 16:22 - 2015-04-21 23:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 16:22 - 2015-04-21 23:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 16:22 - 2015-04-21 23:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 16:22 - 2015-04-21 23:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 16:22 - 2015-04-21 22:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 16:21 - 2015-04-25 05:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 16:21 - 2015-04-22 00:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 16:21 - 2015-04-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 16:21 - 2015-04-22 00:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 16:21 - 2015-04-22 00:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 16:21 - 2015-04-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 16:21 - 2015-04-22 00:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 16:21 - 2015-04-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 16:21 - 2015-04-21 23:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 16:21 - 2015-04-21 23:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 16:21 - 2015-04-21 23:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 16:21 - 2015-04-21 23:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 16:21 - 2015-04-21 23:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 16:21 - 2015-04-21 23:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 16:21 - 2015-04-21 23:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 16:21 - 2015-04-21 23:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 16:21 - 2015-04-21 23:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 16:21 - 2015-04-21 23:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 16:21 - 2015-04-21 23:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 16:21 - 2015-04-21 23:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 16:21 - 2015-04-21 23:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 16:21 - 2015-04-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 16:21 - 2015-04-21 22:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 16:21 - 2015-04-14 06:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 16:21 - 2015-04-10 09:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 16:21 - 2015-04-10 08:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 16:21 - 2015-04-10 08:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 16:21 - 2015-04-09 06:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 16:21 - 2015-04-03 08:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 16:21 - 2015-04-03 08:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 16:21 - 2015-03-30 13:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 16:21 - 2015-03-27 11:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 16:21 - 2015-03-27 10:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 16:21 - 2015-03-27 10:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 16:21 - 2015-03-13 12:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 16:21 - 2015-03-13 12:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 16:21 - 2015-03-13 10:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 16:21 - 2015-03-13 08:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 16:21 - 2015-03-06 11:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 16:21 - 2015-03-06 10:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 16:21 - 2015-03-06 10:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 16:21 - 2015-03-05 07:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 16:21 - 2015-02-18 07:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-11 12:08 - 2015-05-11 12:08 - 00000000 ____D () C:\ProgramData\Synaptics
2015-05-10 20:51 - 2015-05-10 20:51 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-05-10 20:51 - 2015-05-10 20:51 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-10 20:51 - 2015-05-10 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-10 20:51 - 2015-05-10 20:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-10 12:16 - 2015-05-10 12:17 - 00000000 ____D () C:\Users\greg\AppData\Roaming\SMART PC TUNER
2015-05-10 12:09 - 2015-05-10 12:09 - 00000000 ____D () C:\Users\greg\AppData\Local\TechnoChrome_LLC
2015-05-10 12:07 - 2015-05-10 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Tuner
2015-05-10 12:07 - 2015-05-10 12:07 - 00000000 ____D () C:\Users\greg\AppData\Local\SmartUtilityUpdate
2015-05-10 12:07 - 2015-05-10 12:07 - 00000000 ____D () C:\Program Files (x86)\TechnoChrome LLC
2015-05-10 12:05 - 2015-05-10 12:05 - 00000000 ____D () C:\Users\greg\AppData\Roaming\TechnoChrome LLC
2015-05-10 11:50 - 2015-05-10 11:50 - 00000000 ____D () C:\ProgramData\cmcm
2015-05-10 11:50 - 2015-05-10 11:49 - 00056680 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi64.sys
2015-05-10 11:49 - 2015-05-10 11:49 - 00081768 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi.sys
2015-05-10 11:49 - 2015-05-10 11:49 - 00000000 ____D () C:\Program Files (x86)\cmcm
2015-05-07 13:58 - 2015-05-20 17:25 - 00007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg
2015-05-07 13:50 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00253920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00220128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2015-05-07 12:07 - 2015-05-26 10:51 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F7463E1-A7A9-46AF-B237-0305C22DE536}
2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieUserList
2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieSiteList
2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieBrowserModeList
2015-05-07 11:40 - 2015-05-07 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-07 11:40 - 2015-05-07 11:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-05-07 11:31 - 2015-05-07 11:31 - 00000386 _____ () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD STICK (E).lnk
2015-05-06 17:36 - 2015-05-06 17:36 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-06 17:36 - 2015-05-06 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-06 17:35 - 2015-05-06 17:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files\iPod
2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-06 17:33 - 2015-05-06 17:33 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-06 17:33 - 2015-05-06 17:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-05-06 17:33 - 2015-05-06 17:33 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-06 16:26 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-05-06 16:24 - 2015-05-10 19:10 - 00000000 ____D () C:\Program Files\iTunes
2015-05-05 22:57 - 2015-05-11 12:37 - 00000000 ____D () C:\Users\greg\mitchells port headland
2015-05-05 22:57 - 2015-05-06 13:43 - 00000000 ____D () C:\Users\greg\MIXED PHOTOS 2014
2015-05-05 22:57 - 2015-05-06 13:43 - 00000000 ____D () C:\Users\greg\ike my best mate (rip)
2015-05-05 19:42 - 2015-06-03 00:19 - 00000000 ___RD () C:\Users\greg\OneDrive
2015-05-05 16:06 - 2015-05-05 16:06 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-05-05 16:05 - 2015-05-05 16:05 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2015-05-05 16:05 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BOL.dll
2015-05-05 16:05 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BOU.dll
2015-05-05 16:05 - 2012-05-15 16:03 - 00096512 _____ () C:\WINDOWS\SysWOW64\CNC1769D.TBL
2015-05-05 16:05 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2015-05-05 16:03 - 2015-05-05 16:03 - 00002052 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-05-05 15:58 - 2015-05-05 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-05-05 15:58 - 2015-05-05 16:04 - 00000000 ____D () C:\Program Files\Canon
2015-05-05 15:57 - 2015-05-05 15:57 - 00002389 _____ () C:\Users\Public\Desktop\Canon MX520 series On-screen Manual.lnk
2015-05-05 15:57 - 2015-05-05 15:57 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-05-05 15:57 - 2015-05-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX520 series Manual
2015-05-05 15:55 - 2015-05-05 15:56 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-05-05 15:08 - 2015-06-01 12:12 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-05-05 14:47 - 2015-05-05 14:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\STRING
2015-05-04 20:51 - 2015-05-05 15:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Canon
2015-05-04 20:51 - 2015-05-04 20:51 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-05-04 20:44 - 2015-05-05 16:03 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-05-04 20:31 - 2015-05-04 20:31 - 00000000 ____D () C:\WINDOWS\system32\STRING
2015-05-04 20:31 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBO.DLL
2015-05-04 20:31 - 2012-07-31 17:18 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2015-05-04 20:31 - 2012-07-31 17:18 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2015-05-04 20:31 - 2012-07-31 17:17 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2015-05-04 20:29 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBO.DLL
2015-05-04 20:22 - 2015-05-05 16:07 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-04 20:22 - 2015-05-04 20:22 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-05-04 14:14 - 2015-05-04 14:14 - 00293856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
2015-05-04 10:42 - 2015-05-12 09:00 - 00000000 ____D () C:\Users\greg\AppData\Roaming\EssentialGrammarInUse
2015-05-04 10:42 - 2015-05-04 10:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\cld3-lookup
2015-05-04 10:41 - 2015-05-04 10:41 - 00000000 __RHD () C:\Users\greg\AppData\Roaming\SecuROM
2015-05-04 10:39 - 2015-05-04 10:39 - 00002358 _____ () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essential Grammar in Use.lnk
2015-05-04 10:38 - 2015-05-04 10:38 - 00000000 ____D () C:\Program Files (x86)\Cambridge
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 00:33 - 2013-08-22 21:25 - 11272192 ___SH () C:\WINDOWS\system32\config\BBI
2015-06-03 00:20 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-03 00:19 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\greg
2015-06-03 00:17 - 2015-05-02 21:53 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REDMACK620-greg REDMACK620
2015-06-03 00:17 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-06-02 23:25 - 2015-05-01 21:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-02 23:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-02 19:21 - 2014-11-21 16:44 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-01 12:12 - 2015-05-01 14:39 - 00000438 _____ () C:\WINDOWS\Tasks\DriverUpdate Startup.job
2015-05-30 23:30 - 2015-05-01 13:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1144771067-2304087280-3493909680-1002
2015-05-30 19:21 - 2015-05-01 14:45 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\Guest
2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\Administrator
2015-05-29 23:17 - 2015-05-01 17:46 - 00000000 ____D () C:\Program Files\Recuva
2015-05-28 12:51 - 2015-05-01 13:25 - 00000000 ____D () C:\Users\greg\AppData\Local\Packages
2015-05-24 11:14 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-23 11:42 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-22 16:39 - 2015-05-01 14:39 - 00000492 _____ () C:\WINDOWS\Tasks\DriverUpdate Scan.job
2015-05-22 11:11 - 2015-05-01 14:51 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-22 11:11 - 2015-05-01 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-22 11:06 - 2015-05-02 19:03 - 00000000 ____D () C:\Users\greg\AppData\Local\Avg
2015-05-20 18:16 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-20 10:01 - 2015-05-01 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 14:26 - 2015-05-02 01:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-19 10:01 - 2015-05-01 21:02 - 00000000 ____D () C:\Users\greg\AppData\Local\Adobe
2015-05-19 09:41 - 2015-05-01 21:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-19 09:08 - 2015-05-02 18:57 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-19 09:08 - 2013-03-31 12:47 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-16 16:39 - 2013-08-22 22:44 - 00482672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 11:31 - 2015-05-01 21:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-14 17:54 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-14 17:53 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 17:32 - 2015-05-02 03:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 17:27 - 2015-05-02 03:48 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 17:17 - 2014-11-21 16:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 13:53 - 2014-09-09 14:13 - 00000000 __RHD () C:\MSOCache
2015-05-10 21:03 - 2015-05-01 14:39 - 00000000 ____D () C:\Users\greg\AppData\Local\CrashDumps
2015-05-07 12:03 - 2015-05-02 14:12 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Apple Computer
2015-05-07 11:40 - 2015-05-01 21:05 - 00001958 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-07 11:40 - 2015-05-01 21:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-06 17:32 - 2015-05-02 14:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-06 17:31 - 2015-05-02 14:06 - 00000000 ____D () C:\ProgramData\Apple
2015-05-06 15:05 - 2015-05-03 04:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-06 15:05 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-06 13:03 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-05-06 01:59 - 2014-11-22 00:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-06 01:59 - 2014-11-22 00:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 21:13 - 2015-05-01 13:27 - 00000000 ____D () C:\Users\greg\AppData\Local\VirtualStore
2015-05-05 16:05 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media
==================== Files in the root of some directories =======
2015-05-07 13:58 - 2015-05-20 17:25 - 0007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-22 18:00
==================== End of log ============================
As per guidelines here is the FRST log, the addition.txt in the following post.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by greg (administrator) on REDMACK620 on 03-06-2015 00:43:37
Running from C:\Users\greg\OneDrive\Pictures\Desktop
Loaded Profiles: greg (Available Profiles: greg & Administrator & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-04-01] (NVIDIA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-05] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [SacReminderBOX] => C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe [567120 2011-11-02] (SAC)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-05] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {394aaf3d-1ef3-11e4-bf36-24fd524d85ec} - "E:\AutoRun.exe"
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {495dbc98-f088-11e4-824f-24fd524d85ec} - "F:\AutoRun.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-04-01] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartUtilityUpdate.lnk [2015-05-10]
ShortcutTarget: SmartUtilityUpdate.lnk -> C:\Users\greg\AppData\Local\SmartUtilityUpdate\SmartUtilityUpdate.exe (TechnoChrome LLC)
Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mytoshiba.com.au/start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {D0AD99D8-2C60-445A-B109-B7F58CA460CC} URL =
SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {EF860DF9-0DB4-4950-8BE1-CEC61189B9FF} URL = https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-02] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Keyword.URL: https://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-02] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Extension: auto-plugin-checker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\auto-plugin-checker@jetpack.xpi [2015-05-19]
FF Extension: CensureBlock - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\censureblock@gmail.com.xpi [2015-05-02]
FF Extension: Strict Pop-up Blocker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-05-02]
FF Extension: Adblock Plus - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-02]
FF HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1522664 2015-05-18] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S4 CFUACProxy_boxsoftware; C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe [83792 2011-11-02] (Storage Appliance Corp.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-26] ()
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165488 2012-12-19] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-27] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2015-05-10] (Kingsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-06-03] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-26] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-01] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-03] (Microsoft Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 00:43 - 2015-06-03 00:43 - 00000000 ____D () C:\FRST
2015-06-03 00:37 - 2015-06-03 00:37 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR430.dat
2015-06-03 00:34 - 2015-06-03 00:34 - 00000000 ____D () C:\NPE
2015-06-03 00:29 - 2015-06-03 00:37 - 00108216 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS
2015-06-03 00:29 - 2015-06-03 00:37 - 00000000 ____D () C:\Users\greg\AppData\Local\NPE
2015-06-03 00:18 - 2015-06-03 00:18 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-06-03 00:18 - 2015-06-03 00:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-06-03 00:17 - 2015-06-03 00:17 - 00033853 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-01 15:45 - 2015-06-01 15:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-01 12:25 - 2015-06-01 12:39 - 00000000 ____D () C:\AdwCleaner
2015-06-01 12:18 - 2015-06-01 12:18 - 00001136 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Malwarebytes
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-01 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-30 19:30 - 2015-05-30 19:30 - 00000000 ____D () C:\WINDOWS\pss
2015-05-30 10:07 - 2015-05-30 10:07 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-05-30 00:23 - 2015-05-30 00:30 - 00000000 ____D () C:\Users\greg\Camera Roll
2015-05-20 03:03 - 2015-05-20 03:04 - 171245482 _____ () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Wed, 20-May-2015[3 3 52].rrs4
2015-05-20 02:54 - 2015-05-20 02:54 - 00000000 ____D () C:\Unformat_Images
2015-05-20 02:51 - 2015-05-20 02:51 - 00003252 _____ () C:\WINDOWS\System32\Tasks\{28B6EE38-811B-4F16-9FDA-6C4CEDCAF2B2}
2015-05-19 14:48 - 2015-05-19 16:04 - 00000000 ____D () C:\ProgramData\Protexis
2015-05-19 14:46 - 2015-05-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund
2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D () C:\ProgramData\Broderbund
2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D () C:\Program Files (x86)\Broderbund
2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TypeFaster
2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypeFaster
2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\Program Files (x86)\TypeFaster
2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 4.1
2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\Program Files (x86)\File Scavenger 4.1
2015-05-18 11:37 - 2015-05-20 10:01 - 00000000 ____D () C:\Program Files (x86)\Convar
2015-05-18 11:29 - 2015-05-18 11:29 - 00000000 ____D () C:\Program Files\EaseUS
2015-05-18 11:19 - 2015-05-18 11:19 - 00000000 ____D () C:\Program Files (x86)\CodeMeter
2015-05-17 16:18 - 2015-05-17 16:19 - 171088206 _____ () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Sun, 17-May-2015[16 18 52].rrs4
2015-05-17 16:15 - 2015-05-20 03:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-17 16:14 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2015-05-17 16:03 - 2015-05-17 16:03 - 00000000 ____D () C:\Program Files (x86)\IUWEshare
2015-05-17 15:42 - 2015-05-17 15:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\AmazingFileRecovery
2015-05-16 22:30 - 2015-05-16 22:30 - 00000000 ___HD () C:\$AVG-SHREDDER-TMP-72ec5905-f21e-434b-9df8-3a3ecd072211
2015-05-16 13:06 - 2015-05-16 13:06 - 00000000 ____D () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\002GJN
2015-05-15 14:41 - 2015-05-15 14:41 - 00000000 ___HD () C:\$AVG-SHREDDER-TMP-9b6fb606-a48c-4705-a2d4-1453ec417a5a
2015-05-14 17:54 - 2015-05-01 04:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:54 - 2015-05-01 04:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 12:50 - 2015-05-14 12:50 - 00000000 ____D () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\OneNote Notebooks
2015-05-14 10:30 - 2015-05-14 10:30 - 00002990 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-05-13 16:24 - 2015-01-30 08:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 16:23 - 2015-05-01 07:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 16:23 - 2015-05-01 06:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 16:23 - 2015-04-10 08:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 16:23 - 2015-04-10 08:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 16:23 - 2015-04-02 06:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 16:23 - 2015-04-02 06:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 16:23 - 2015-04-01 11:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 16:23 - 2015-04-01 10:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 16:23 - 2015-03-20 09:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 16:23 - 2015-03-18 01:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 16:23 - 2015-03-13 09:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 16:23 - 2015-03-13 08:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 16:23 - 2015-03-09 10:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 16:23 - 2015-03-04 09:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 16:23 - 2015-03-04 09:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 16:22 - 2015-04-22 01:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 16:22 - 2015-04-22 00:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 16:22 - 2015-04-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 16:22 - 2015-04-22 00:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 16:22 - 2015-04-22 00:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 16:22 - 2015-04-22 00:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 16:22 - 2015-04-22 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 16:22 - 2015-04-22 00:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 16:22 - 2015-04-21 23:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 16:22 - 2015-04-21 23:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 16:22 - 2015-04-21 23:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 16:22 - 2015-04-21 23:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 16:22 - 2015-04-21 23:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 16:22 - 2015-04-21 23:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 16:22 - 2015-04-21 23:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 16:22 - 2015-04-21 23:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 16:22 - 2015-04-21 22:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 16:21 - 2015-04-25 05:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 16:21 - 2015-04-22 00:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 16:21 - 2015-04-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 16:21 - 2015-04-22 00:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 16:21 - 2015-04-22 00:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 16:21 - 2015-04-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 16:21 - 2015-04-22 00:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 16:21 - 2015-04-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 16:21 - 2015-04-21 23:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 16:21 - 2015-04-21 23:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 16:21 - 2015-04-21 23:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 16:21 - 2015-04-21 23:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 16:21 - 2015-04-21 23:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 16:21 - 2015-04-21 23:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 16:21 - 2015-04-21 23:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 16:21 - 2015-04-21 23:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 16:21 - 2015-04-21 23:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 16:21 - 2015-04-21 23:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 16:21 - 2015-04-21 23:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 16:21 - 2015-04-21 23:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 16:21 - 2015-04-21 23:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 16:21 - 2015-04-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 16:21 - 2015-04-21 22:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 16:21 - 2015-04-14 06:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 16:21 - 2015-04-10 09:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 16:21 - 2015-04-10 08:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 16:21 - 2015-04-10 08:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 16:21 - 2015-04-09 06:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 16:21 - 2015-04-03 08:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 16:21 - 2015-04-03 08:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 16:21 - 2015-03-30 13:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 16:21 - 2015-03-27 11:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 16:21 - 2015-03-27 10:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 16:21 - 2015-03-27 10:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 16:21 - 2015-03-13 12:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 16:21 - 2015-03-13 12:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 16:21 - 2015-03-13 10:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 16:21 - 2015-03-13 08:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 16:21 - 2015-03-06 11:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 16:21 - 2015-03-06 10:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 16:21 - 2015-03-06 10:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 16:21 - 2015-03-05 07:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 16:21 - 2015-02-18 07:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-11 12:08 - 2015-05-11 12:08 - 00000000 ____D () C:\ProgramData\Synaptics
2015-05-10 20:51 - 2015-05-10 20:51 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-05-10 20:51 - 2015-05-10 20:51 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-10 20:51 - 2015-05-10 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-10 20:51 - 2015-05-10 20:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-10 12:16 - 2015-05-10 12:17 - 00000000 ____D () C:\Users\greg\AppData\Roaming\SMART PC TUNER
2015-05-10 12:09 - 2015-05-10 12:09 - 00000000 ____D () C:\Users\greg\AppData\Local\TechnoChrome_LLC
2015-05-10 12:07 - 2015-05-10 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Tuner
2015-05-10 12:07 - 2015-05-10 12:07 - 00000000 ____D () C:\Users\greg\AppData\Local\SmartUtilityUpdate
2015-05-10 12:07 - 2015-05-10 12:07 - 00000000 ____D () C:\Program Files (x86)\TechnoChrome LLC
2015-05-10 12:05 - 2015-05-10 12:05 - 00000000 ____D () C:\Users\greg\AppData\Roaming\TechnoChrome LLC
2015-05-10 11:50 - 2015-05-10 11:50 - 00000000 ____D () C:\ProgramData\cmcm
2015-05-10 11:50 - 2015-05-10 11:49 - 00056680 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi64.sys
2015-05-10 11:49 - 2015-05-10 11:49 - 00081768 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi.sys
2015-05-10 11:49 - 2015-05-10 11:49 - 00000000 ____D () C:\Program Files (x86)\cmcm
2015-05-07 13:58 - 2015-05-20 17:25 - 00007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg
2015-05-07 13:50 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00253920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00220128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2015-05-07 12:07 - 2015-05-26 10:51 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F7463E1-A7A9-46AF-B237-0305C22DE536}
2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieUserList
2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieSiteList
2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieBrowserModeList
2015-05-07 11:40 - 2015-05-07 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-07 11:40 - 2015-05-07 11:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-05-07 11:31 - 2015-05-07 11:31 - 00000386 _____ () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD STICK (E).lnk
2015-05-06 17:36 - 2015-05-06 17:36 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-06 17:36 - 2015-05-06 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-06 17:35 - 2015-05-06 17:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files\iPod
2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-06 17:33 - 2015-05-06 17:33 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-06 17:33 - 2015-05-06 17:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-05-06 17:33 - 2015-05-06 17:33 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-06 16:26 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-05-06 16:24 - 2015-05-10 19:10 - 00000000 ____D () C:\Program Files\iTunes
2015-05-05 22:57 - 2015-05-11 12:37 - 00000000 ____D () C:\Users\greg\mitchells port headland
2015-05-05 22:57 - 2015-05-06 13:43 - 00000000 ____D () C:\Users\greg\MIXED PHOTOS 2014
2015-05-05 22:57 - 2015-05-06 13:43 - 00000000 ____D () C:\Users\greg\ike my best mate (rip)
2015-05-05 19:42 - 2015-06-03 00:19 - 00000000 ___RD () C:\Users\greg\OneDrive
2015-05-05 16:06 - 2015-05-05 16:06 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-05-05 16:05 - 2015-05-05 16:05 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2015-05-05 16:05 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BOL.dll
2015-05-05 16:05 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BOU.dll
2015-05-05 16:05 - 2012-05-15 16:03 - 00096512 _____ () C:\WINDOWS\SysWOW64\CNC1769D.TBL
2015-05-05 16:05 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2015-05-05 16:03 - 2015-05-05 16:03 - 00002052 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-05-05 15:58 - 2015-05-05 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-05-05 15:58 - 2015-05-05 16:04 - 00000000 ____D () C:\Program Files\Canon
2015-05-05 15:57 - 2015-05-05 15:57 - 00002389 _____ () C:\Users\Public\Desktop\Canon MX520 series On-screen Manual.lnk
2015-05-05 15:57 - 2015-05-05 15:57 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-05-05 15:57 - 2015-05-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX520 series Manual
2015-05-05 15:55 - 2015-05-05 15:56 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-05-05 15:08 - 2015-06-01 12:12 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-05-05 14:47 - 2015-05-05 14:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\STRING
2015-05-04 20:51 - 2015-05-05 15:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Canon
2015-05-04 20:51 - 2015-05-04 20:51 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-05-04 20:44 - 2015-05-05 16:03 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-05-04 20:31 - 2015-05-04 20:31 - 00000000 ____D () C:\WINDOWS\system32\STRING
2015-05-04 20:31 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBO.DLL
2015-05-04 20:31 - 2012-07-31 17:18 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2015-05-04 20:31 - 2012-07-31 17:18 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2015-05-04 20:31 - 2012-07-31 17:17 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2015-05-04 20:29 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBO.DLL
2015-05-04 20:22 - 2015-05-05 16:07 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-04 20:22 - 2015-05-04 20:22 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-05-04 14:14 - 2015-05-04 14:14 - 00293856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
2015-05-04 10:42 - 2015-05-12 09:00 - 00000000 ____D () C:\Users\greg\AppData\Roaming\EssentialGrammarInUse
2015-05-04 10:42 - 2015-05-04 10:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\cld3-lookup
2015-05-04 10:41 - 2015-05-04 10:41 - 00000000 __RHD () C:\Users\greg\AppData\Roaming\SecuROM
2015-05-04 10:39 - 2015-05-04 10:39 - 00002358 _____ () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essential Grammar in Use.lnk
2015-05-04 10:38 - 2015-05-04 10:38 - 00000000 ____D () C:\Program Files (x86)\Cambridge
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 00:33 - 2013-08-22 21:25 - 11272192 ___SH () C:\WINDOWS\system32\config\BBI
2015-06-03 00:20 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-03 00:19 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\greg
2015-06-03 00:17 - 2015-05-02 21:53 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REDMACK620-greg REDMACK620
2015-06-03 00:17 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-06-02 23:25 - 2015-05-01 21:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-02 23:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-02 19:21 - 2014-11-21 16:44 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-01 12:12 - 2015-05-01 14:39 - 00000438 _____ () C:\WINDOWS\Tasks\DriverUpdate Startup.job
2015-05-30 23:30 - 2015-05-01 13:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1144771067-2304087280-3493909680-1002
2015-05-30 19:21 - 2015-05-01 14:45 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\Guest
2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\Administrator
2015-05-29 23:17 - 2015-05-01 17:46 - 00000000 ____D () C:\Program Files\Recuva
2015-05-28 12:51 - 2015-05-01 13:25 - 00000000 ____D () C:\Users\greg\AppData\Local\Packages
2015-05-24 11:14 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-23 11:42 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-22 16:39 - 2015-05-01 14:39 - 00000492 _____ () C:\WINDOWS\Tasks\DriverUpdate Scan.job
2015-05-22 11:11 - 2015-05-01 14:51 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-22 11:11 - 2015-05-01 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-22 11:06 - 2015-05-02 19:03 - 00000000 ____D () C:\Users\greg\AppData\Local\Avg
2015-05-20 18:16 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-20 10:01 - 2015-05-01 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 14:26 - 2015-05-02 01:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-19 10:01 - 2015-05-01 21:02 - 00000000 ____D () C:\Users\greg\AppData\Local\Adobe
2015-05-19 09:41 - 2015-05-01 21:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-19 09:08 - 2015-05-02 18:57 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-19 09:08 - 2013-03-31 12:47 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-16 16:39 - 2013-08-22 22:44 - 00482672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 11:31 - 2015-05-01 21:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-14 17:54 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-14 17:53 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 17:32 - 2015-05-02 03:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 17:27 - 2015-05-02 03:48 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 17:17 - 2014-11-21 16:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 13:53 - 2014-09-09 14:13 - 00000000 __RHD () C:\MSOCache
2015-05-10 21:03 - 2015-05-01 14:39 - 00000000 ____D () C:\Users\greg\AppData\Local\CrashDumps
2015-05-07 12:03 - 2015-05-02 14:12 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Apple Computer
2015-05-07 11:40 - 2015-05-01 21:05 - 00001958 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-07 11:40 - 2015-05-01 21:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-06 17:32 - 2015-05-02 14:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-06 17:31 - 2015-05-02 14:06 - 00000000 ____D () C:\ProgramData\Apple
2015-05-06 15:05 - 2015-05-03 04:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-06 15:05 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-06 13:03 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-05-06 01:59 - 2014-11-22 00:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-06 01:59 - 2014-11-22 00:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 21:13 - 2015-05-01 13:27 - 00000000 ____D () C:\Users\greg\AppData\Local\VirtualStore
2015-05-05 16:05 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media
==================== Files in the root of some directories =======
2015-05-07 13:58 - 2015-05-20 17:25 - 0007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-22 18:00
==================== End of log ============================